Re: [xsl] Using xsl:output in browsers, was: Re [xsl] XHTML html validation

Subject: Re: [xsl] Using xsl:output in browsers, was: Re [xsl] XHTML html validation
From: "Manfred Staudinger" <manfred.staudinger@xxxxxxxxx>
Date: Tue, 20 Feb 2007 13:38:47 +0100
Using a PI involves the same ActiveX control [as for javascript
invoked transformations]
False.

not popups about ActiveX, but instead, maybe, popups about cross-frame
scripting
No popup in case of iframe.

I could drag on about the unmanageability of using PIs, its lack of
parameter passing possibilities, its complete lack of flexibility,
You should consider PIs not instead, but in addition to the javascript
invoked transformation. This way you will gain additional flexibility!

But like I said, I could go on and on, but if you know all the drawbacks
and if you are willing to pay the extra effort involved, it is quite a stable
and save path to go
You seem not to have explored this path up to now, as many of your arguments
rely on general considerations, not on concrete experience.

Manfred

On 19/02/07, Abel Braaksma <abel.online@xxxxxxxxx> wrote:
Manfred Staudinger wrote:
> There is another downside of Sarissa as it uses active-x. In corporate
> and
> government networks you will find it frequently disabled. A better
> solution
> would have been to use a PI and to load the document into iframes. This
> way the transformation is not dependent on JS either.


No, this is a misunderstanding of Sarissa. Sarissa makes the interface to XSLT Transformations available in a browser uniform way. IE5 and IE6 happen to use ActiveX for this (as for many many other features, as soon as you manipulate the DOM by script you invoke ActiveX), Sarissa can't help that.

Most companies I've seen, have the security settings quite high, but
allow safe ActiveX controls. The reason is simple: almost no HTML
enabled help page will work if you disable this, most of microsoft.com
will not work and certainly not the windowsupdate.com (which is
something administrators visit often). But I agree, it is a downside
which is solved in IE7 where no ActiveX is involved anymore.

(as a side note, a potentially much more dangerous control,
XMLHttpRequest, is also ActiveX, but does not fall under the same
security restrictions because it is invoked differently.... strange
world, isn't it?)

Using a PI involves the same ActiveX control, if the company cares for
security, it may have disabled this entirely. Furthermore, many people
consider it bad practice to show the contents of data when you request
the source of a file, but that is a many debated subject.

I could drag on about the unmanageability of using PIs, its lack of
parameter passing possibilities, its complete lack of flexibility, the
impossibility to use or reuse parts of the result of the transformation,
or the transformation objects itself and the extra effort that is needed
to make all the pieces of your website work together. In the 'Ajax'
community they have understood this and use browser based javascript
invoked transformations. But like I said, I could go on and on, but if
you know all the drawbacks and if you are willing to pay the extra
effort involved, it is quite a stable and save path to go (and not
popups about ActiveX, but instead, maybe, popups about cross-frame
scripting).

-- Abel

Current Thread