Re: [xsl] xsl 1.1 security model?

Subject: Re: [xsl] xsl 1.1 security model?
From: Francis Norton <francis@xxxxxxxxxxx>
Date: Mon, 26 Mar 2001 13:19:01 +0100

Michael Kay wrote:
> 
> >
> > And would an implementation that disabled the xsl:document element
> > client-side still be XSLT 1.1 compliant?
> >
> It's my understanding that Microsoft are reluctant to implement this feature
> client-side, and I think the spec is clear that it's not required for
> conformance.
> 
Indeed, I should have spotted that
http://www.w3.org/TR/xslt11/#conformance states:

	"A conforming XSLT processor need not be able to output the result in
XML or in any other form."

which implies that this feature need not implemented at all.

> This approach makes sense, since the requirement for the feature is mainly
> fur use during the publishing cycle, not in client-side rendering.
> 
I think the most material differences between "the publishing cycle" and
"client-side rendering" are likely to be scaleability and security. I
can imagine rendering requirements such as creating framed content that
would really benefit from something like xsl:document if it could be
done securely. But this would probably be scope-creep for a minor
increment spec release...

Francis.

 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread