This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
RE: xsl 1.1 security model?
- To: <xsl-list at lists dot mulberrytech dot com>
- Subject: RE: [xsl] xsl 1.1 security model?
- From: "Michael Kay" <mhkay at iclway dot co dot uk>
- Date: Thu, 22 Mar 2001 03:46:36 -0000
- Reply-To: xsl-list at lists dot mulberrytech dot com
> There's an interesting problem with xslt 1.1 client-side security.
>
> Two of the main features are the document and script elements.
Is the problem any different from scripts/applets run from an HTML page in
the browser? Obviously a browser has to limit what such code can do, but I
can't see that XSL creates any new requirements beyond dynamic HTML.
> I think that the spec should say something about user-agents
> having the ability to disable xsl:script (for anything except XSLT, of
course).
I guess a note to that effect wouldn't do any harm. But of course the
implementor has the option to ignore xsl:script entirely, so such a note
wouldn't add anything substantive to the spec.
Mike Kay
Software AG
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list