Subject: Re: Fw: Signing of XSL scripts From: Paul Prescod <papresco@xxxxxxxxxxxxxxxx> Date: Sat, 30 May 1998 05:12:06 -0400 |
Martin Bryan wrote: > > You may need to be able to input from a local source because the input > message may contain a value, such as a supplier number or catalogue number, > for which displayable text needs to be taken from a local database. > > You may need to be able to output to a local database to create a local > record of a message sent to a server when processing an XML/XSL form. I don't think that a stylesheet language has any business snooping around the local computer's databases or hard drives. There is a tendency among many people to want to expand XSL until it is a general system for processing everything. Yes, it should be extensible to the point where people could do dangerous things with it. No, it should not in and of itself have any capabilities to do dangerous things. Thus the dangerous extensions are completely the responsibility of the people doing the extensions, and not the W3C WG's. XML can also be extended to do dangerous things through parameter entities. That also is not the W3C WG's problem. Paul Prescod - http://itrc.uwaterloo.ca/~papresco Three things see no end: A loop with exit code done wrong A semaphore untested, and the change that comes along http://www.geezjan.org/humor/computers/threes.html XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: Fw: Signing of XSL scripts, Martin Bryan | Thread | RE: Fw: Signing of XSL scripts, Boris Moore |
RE: Fw: Signing of XSL scripts, Boris Moore | Date | |
Month |