RE: [xsl] xsl 1.1 security model?

Subject: RE: [xsl] xsl 1.1 security model?
From: "Michael Kay" <mhkay@xxxxxxxxxxxx>
Date: Sat, 24 Mar 2001 03:36:16 +0100
> The ability to write to multiple named documents seems to me
> to be just
> as dangerous as the ability to call external scripts (if not more so -
> after all, ecmascript has no standard way of writing to named files).
> Should the xsl:document element be enabled client-side, or is
> the answer
> so obvious that the question didn't need asking?
> And would an implementation that disabled the xsl:document element
> client-side still be XSLT 1.1 compliant?
It's my understanding that Microsoft are reluctant to implement this feature
client-side, and I think the spec is clear that it's not required for

This approach makes sense, since the requirement for the feature is mainly
fur use during the publishing cycle, not in client-side rendering.

Mike Kay
Software AG

 XSL-List info and archive:

Current Thread