Subject: RE: [xsl] xsl 1.1 security model? From: "Michael Kay" <mhkay@xxxxxxxxxxxx> Date: Thu, 22 Mar 2001 03:46:36 -0000 |
> There's an interesting problem with xslt 1.1 client-side security. > > Two of the main features are the document and script elements. Is the problem any different from scripts/applets run from an HTML page in the browser? Obviously a browser has to limit what such code can do, but I can't see that XSL creates any new requirements beyond dynamic HTML. > I think that the spec should say something about user-agents > having the ability to disable xsl:script (for anything except XSLT, of course). I guess a note to that effect wouldn't do any harm. But of course the implementor has the option to ignore xsl:script entirely, so such a note wouldn't add anything substantive to the spec. Mike Kay Software AG XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
[xsl] xsl 1.1 security model?, Francis Norton | Thread | Re: [xsl] xsl 1.1 security model?, Francis Norton |
Re: [xsl] special char in html text, Mike Brown | Date | [xsl] Selection Criteria in XSL, James J Nampalam |
Month |