Re: [xsl] XSLT programs that blur the distinction between program and data?

["Dimitre Novatchev dnovatchev@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>]

> (1) An XSLT program may have some embedded XML that the program uses.
That embedded XML is both part of the program and it is data
> for the program; so it is both program and data. That is definitely
blurring the distinction between program and data!

Nothing new or surprising here. This XML can itself be an XSLT stylesheet,
or the XSLT transformation may contain a (set of) XPath expression(s) as
string variables.
And all of these can be produced dynamically during the course of the
transformation.

> (2) An XSLT program can modify itself at runtime. [Is this possible? Can
one part of XSLT program treat another part of the program as data,
> modify it, and then continue running but with the modified program?]

Yes, see my answer to (1) above.

The "modified: or "newly-generated" "program" (be it an XSLT stylesheet or
an XPath expression to be evaluated dynamically, that may within itself
contain a call to fn:transform()) can be dynamically run within an
<xsl:evaluate> operator.


Finally, imagine a transformation whose behavior is completely determined
by the value of an (external) variable:

1 -- Do Something1
2 -- Do Something2
3 -- Do  .  .  .

In this case, one could strongly argue that  what actually is the "program"
is the external variable :)

In general, any interpreter treats its data as "the program" ...

Needless to say using <xsl:evaluate> in unrestricted ways could be a
significant security risk,

Thanks,
Dimitre

On Sat, Apr 9, 2022 at 8:01 AM Roger L Costello costello@xxxxxxxxx <
xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Michael Kay wrote this on March 29, 2022:
>
> > we're using operating systems whose security model is
> > 50 years out of date. Where there's a strong distinction
> > between "programs" and "data" that's unrealistic in
> > today's world
>
> Fascinating!
>
> What are the ways that XSLT programs blur the distinction between program
> and data?
>
> I think there are two ways:
>
> (1) An XSLT program may have some embedded XML that the program uses. That
> embedded XML is both part of the program and it is data for the program; so
> it is both program and data. That is definitely blurring the distinction
> between program and data!
>
> (2) An XSLT program can modify itself at runtime. [Is this possible? Can
> one part of XSLT program treat another part of the program as data, modify
> it, and then continue running but with the modified program?]
>
> What other ways do XSLT programs blur the distinction between program and
> data?
>
> Is there a classic use case for (1)? That is, is there a classic use case
> for an XSLT program that uses embedded XML data?
>
> Is there a classic use case for (2)?
>
> /Roger
> 
>
>

-- 
Cheers,
Dimitre Novatchev
---------------------------------------
Truly great madness cannot be achieved without significant intelligence.
---------------------------------------
To invent, you need a good imagination and a pile of junk
-------------------------------------
Never fight an inanimate object
-------------------------------------
To avoid situations in which you might make mistakes may be the
biggest mistake of all
------------------------------------
Quality means doing it right when no one is looking.
-------------------------------------
You've achieved success in your field when you don't know whether what
you're doing is work or play
-------------------------------------
To achieve the impossible dream, try going to sleep.
-------------------------------------
Facts do not cease to exist because they are ignored.
-------------------------------------
Typing monkeys will write all Shakespeare's works in 200yrs.Will they write
all patents, too? :)
-------------------------------------
Sanity is madness put to good use.
-------------------------------------
I finally figured out the only reason to be alive is to enjoy it.