RE: About xsl:scripts

Subject: RE: About xsl:scripts
From: "Jonathan Borden" <jborden@xxxxxxxxxxxx>
Date: Tue, 13 Apr 1999 22:00:22 -0400
Didier:


>
> If you have the capacity to create object, this would work well
> server side
> but not client side. To be able to create object on the client side is
> equivalent to a security hole. But not on the server. On the server, the
> capacity to create object is useful when you want to link to
> databases (this
> is what ASP scripts do most of the time).

	Except that you can create objects client side using JavaScript embedded in
HTML documents. On the client side, they need to be marked "Safe For
Scripting" to enable this...

	I'm hazy on the exact details, but the gist is that IE implements something
like the IServiceProvider interface which 'filters' the creation of objects
using the CATID_SafeForScripting...

	I'd suspect that the problem is that the XSL embedded script does not get
hooked into the containing service provider interface as it would in an HTML
page... just some wild guesses...

Jonathan


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread