Subject: Re: [xsl] [XSL] XSL Browser Integration|
From: Abel Braaksma <abel.online@xxxxxxxxx>
Date: Mon, 17 Sep 2007 20:35:52 +0200
In the above case, if you view the source from the browser, you'll see
the raw, unprotected data, since your source is the XML document itself.
In many business cases, there are several parameters and values that
have nothing to do with the presentation of the data, but are crucial to
organizing that data, and should not be available for the user to see
for one reason or another. In your XSLT, you may be discarding these
along the way to presentation, but if you do this on the client side,
you're still including it in the data, and so it'll still be visible to
anyone viewing the site - including, at the absolute worst-case
scenario, Google bots, at which point it's public forever.
This is what I meant when I said "presentational purposes only". If all
that's left to do is take the data that will be displayed on-screen (and
only that data) and make it into a structured, styled HTML document,
then by all means, let the browser take over from there. Until then,
XSLT still has great power server-side in being able to take the raw
data and arrange it in a more meaningful form with respect to the final
Also, the forms/parameters argument still holds - you can't POST/GET to an XML document and expect it to have an effect on the transformation, nor can you store anything on your server. Even a very light preprocessor scan will still be very useful here, but only on the server side.
Cheers, -- Abel Braaksma