RE: [xsl] xsl and xalan extensions/namespaces

Subject: RE: [xsl] xsl and xalan extensions/namespaces
From: "Michael Kay" <mike@xxxxxxxxxxxx>
Date: Fri, 19 Nov 2004 16:49:08 -0000
I don't know if it's of any interest, but the latest Saxon release (8.1) has
APIs that give you full control over how extension functions are bound. You
can write your own class to bind Java functions, or subclass the standard
one, and thus impose any rules you like on the binding process.

Michael Kay
http://www.saxonica.com/ 

> -----Original Message-----
> From: Adam Morgan [mailto:adam.morgan@xxxxxxxxxx] 
> Sent: 19 November 2004 16:32
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: RE: [xsl] xsl and xalan extensions/namespaces
> 
> Well... I'm still not convinced.
> 
> Yes, I could parse the xsl stylesheet to see what namespaces they are
> using.. but I'm wondering if there's any xalan utility to do this for
> you...
> 
> -----Original Message-----
> From: Adam Morgan [mailto:adam.morgan@xxxxxxxxxx] 
> Sent: Thursday, November 18, 2004 4:39 PM
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: RE: [xsl] xsl and xalan extensions/namespaces
> 
> Actually, I think I've answered my own question... the only extensions
> they should be able to access are ones I've set as properties of the
> Transform object I'm using, no?
> 
> Anyone, anyone? =)
> 
> adam
> 
> -----Original Message-----
> From: Adam Morgan [mailto:adam.morgan@xxxxxxxxxx] 
> Sent: Thursday, November 18, 2004 4:13 PM
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: [xsl] xsl and xalan extensions/namespaces
> 
> Is there any way to police what namespaces/xalan extensions are being
> used in an xsl transform?
> 
> Ex, you have a jsp which does a transform for some of its rendering...
> and you're letting 3rdParties write their own xml/xsl for that part of
> the page...  
> 
> Now, the xml and xsl is bundled in a JAR with any number of their own
> java.classes...
> 
> I only want them to be able to access a single xalan extension of a
> java.class that I wrote... and not let them call their own cause it
> would be a *bit* of a security hole!
> 
> Any ideas??
> 
> Adam

Current Thread