Re: Fw: Signing of XSL scripts

Subject: Re: Fw: Signing of XSL scripts
From: Paul Prescod <papresco@xxxxxxxxxxxxxxxx>
Date: Fri, 29 May 1998 10:01:01 -0400
John Dreystadt wrote:
> 
> An alternative direction for secure scripting is the model adopted by
> the TCL community. They use "SafeTCL" which is a variation on the usual
> TCL interpreter. SafeTCL has the dangerous components removed or
> restricted.

ECMAScript is already safe. If I recall correctly, the core language has
no system functions at all. Only extensions could provide access to system
resources.
 
> I believe that we should start by examining what web browsers allow
> ECMAScript to do, determine what needs to be added for XSL (maybe
> nothing) and then determine how to add the new functionality safely.

The things to be added have nothing to do with files, hard disks, dialog
boxes or other system resources. You would have to work hard to add them
in a non-safe manner.

 Paul Prescod  - http://itrc.uwaterloo.ca/~papresco

Three things never trust in: That's the vendor's final bill
The promises your boss makes, and the customer's good will 
http://www.geezjan.org/humor/computers/threes.html


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread