Subject: RE: [xsl] Saxon Servlet XSLT Version 2.0 Implementation Problem From: "Michael Kay" <mhk@xxxxxxxxx> Date: Sun, 1 Jun 2003 21:58:25 +0100 |
The most likely explanation is that you are actually running Saxon 6.x rather than Saxon 7.x, as Saxon 6.x will reject the XSLT 2.0 syntax. Use system-property('xsl:vendor') to check what you are running. The Saxon sample servlet code will actually run whichever XSLT processor is selected using the system property javax.xml.transform.TransformerFactory. I often find that it's convenient to hard-code the setting of this property using System.setProperty() in the init() method of the servlet; in other cases I read the desired property value from the init parameters of the servlet. Relying on the classpath tends to be a bit fragile. > > PS Also, some people have mentioned that implementing the > servlet can be a security risk because people can execute > their own xslt using it... possibly, with evil xslt extension > functions that eMail rude mail and wipe the server hard > drive, does anyone know of an easy way to protect against this? It's a good idea to either (a) set the Saxon property that disables extension functions, or (b) disallow the use of arbitrary URLs for the stylesheet. Michael Kay XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
[xsl] Adding elements to an existin, thei | Thread | [xsl] Finding out if the current no, Adrian Grigore |
[xsl] Adding elements to an existin, thei | Date | [xsl] Finding out if the current no, Adrian Grigore |
Month |