Re: [xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter

From: "Michael Kay mike@xxxxxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Nov 2014 09:51:38 -0000
We ought really to make a more careful distinction between "visibility to the
calling application" and "visibility to a using package". Stylesheet
parameters are not visible to a using package (because we want to allow
packages to be compiled independently of each other), but they are visible to
the calling application (because otherwise they would be pointless).

The two ideas are related, for example we only allow the application to invoke
a named template or a function as an entry point if it has public (or final)
visibility, but they are not identical.

Michael Kay
+44 (0) 118 946 5893

On 21 Nov 2014, at 06:37, Dimitre Novatchev dnovatchev@xxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> In section 3.14.2 "Shadow Attributes" the 2nd example: "Example:
> Using Shadow Attributes to Parameterize Selection of Elements", shows
> how to produce a report giving information about selected employees.
> The predicate defining which employees are to be included in the
> report is supplied (as a string containing an XPath expression) in a
> static stylesheet parameter.
> A note at the end of the example contains this text:
> "The stylesheet function local:filter is used here in preference to
> direct use of the supplied predicate within the select attribute of
> the xsl:apply-templates instruction because it reduces exposure to
> code injection attacks".
> Because "injection attacks" are said to be possible, this means that
> it is assumed that the value of the static stylesheet parameter will
> be supplied by the initiator of the transformation.
> However, in other parts of the specification
> (, it is
> postulated, that the visibility of a static parameter must always be
> private.
> My question is:  Is the expectation that it is possible to supply a
> value to the static stylesheet parameter correct, and if yes, doesn't
> this contradict the definition of the visibility of a static parameter
> as always private?
> --
> Cheers,
> Dimitre Novatchev
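The pattern the question refers to, as an added example that is not from this thread and does not reproduce the text of the XSLT 3.0 specification's own "Using Shadow Attributes to Parameterize Selection of Elements" example: a static parameter carries an XPath predicate as a string, and a shadow attribute (_select) splices that string into a select expression at compile time. The element names (employee, dept, salary), the parameter name, the local namespace URI, the default predicate and the input document in the comment are all assumptions made for the illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not code from the thread or from the XSLT 3.0 spec.
     Constructed input document it is written against (assumed shape):
       <staff>
         <employee name="Ada"   dept="eng" salary="120000"/>
         <employee name="Bram"  dept="eng" salary="90000"/>
         <employee name="Chloe" dept="ops" salary="130000"/>
       </staff>
     With the default predicate below, only Ada is reported. -->
<xsl:stylesheet version="3.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:local="urn:example:local"
    exclude-result-prefixes="xs local">

  <!-- Static parameter: its value is fixed when the stylesheet is compiled
       and may be supplied by the calling application at that point (how it
       is supplied is processor-specific). The value is an XPath predicate
       held as a string, i.e. it is code, not data, which is the reason the
       spec's note talks about injection. -->
  <xsl:param name="predicate" static="yes" as="xs:string"
             select="'@dept = ''eng'' and xs:integer(@salary) gt 100000'"/>

  <!-- The shadow attribute _select is evaluated at compile time; the text
       produced by {$predicate} is spliced into the expression, so whatever
       string was supplied is parsed as XPath. Putting that splice inside a
       function is what limits the exposure: a function body has no context
       item and only $employees is in local scope, so an injected expression
       cannot reach the caller's context node or local variables. It can still
       navigate from $employees and use global declarations, so the reduction
       is partial, not a sandbox. -->
  <xsl:function name="local:filter" as="element(employee)*">
    <xsl:param name="employees" as="element(employee)*"/>
    <xsl:sequence _select="$employees[{$predicate}]"/>
  </xsl:function>

  <xsl:output method="xml" indent="yes"/>

  <xsl:template match="/">
    <report>
      <!-- Preferred form: the supplied predicate is applied inside
           local:filter, away from this template's context and variables. -->
      <xsl:apply-templates select="local:filter(//employee)"/>
      <!-- Direct form the spec's note advises against: the predicate is
           spliced straight into the caller's select, where the injected
           XPath runs with the caller's context node and local variables
           in scope:
             <xsl:apply-templates _select="//employee[{$predicate}]"/>  -->
    </report>
  </xsl:template>

  <xsl:template match="employee">
    <employee name="{@name}" dept="{@dept}"/>
  </xsl:template>

</xsl:stylesheet>
```

Because the parameter is static, the predicate is bound at compile time and the processor can compile it into the expression; a value supplied by the initiator therefore changes the compiled code, which is the sense in which the supplied string is an injection surface rather than an ordinary runtime input.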
