RE: [xsl] xsl 1.1 security model?

Subject: RE: [xsl] xsl 1.1 security model?
From: "Michael Kay" <mhkay@xxxxxxxxxxxx>
Date: Thu, 22 Mar 2001 03:46:36 -0000
> There's an interesting problem with xslt 1.1 client-side security.
>
> Two of the main features are the document and script elements.

Is the problem any different from scripts/applets run from an HTML page in
the browser? Obviously a browser has to limit what such code can do, but I
can't see that XSL creates any new requirements beyond dynamic HTML.

> I think that the spec should say something about user-agents
> having the ability to disable xsl:script (for anything except XSLT, of
course).

I guess a note to that effect wouldn't do any harm. But of course the
implementor has the option to ignore xsl:script entirely, so such a note
wouldn't add anything substantive to the spec.

Mike Kay
Software AG


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread