Re: [xsl] document function serving up server script XML

Subject: Re: [xsl] document function serving up server script XML
From: "Robert Koberg" <rob@xxxxxxxxxx>
Date: Sat, 24 Feb 2007 13:53:30 -0500
On 2/23/07, Steve <subsume@xxxxxxxxx> wrote:
In many places around my site--which deals with sensitive data--my XSL
calls upon the document function to ask a server script to retrieve
and serve up database results in XML.

This script does not execute SQL arbitrarily, but based on its passed
variables. However, this server script is set to ignore anything out
of the house (originating from IP other than

Are you using the same server name that the XSL and main source XML come from? In other words, are you proxying the the result from the DB through the exact same virtual host?

If not, then you are hitting a browser security restriction.


While this isn't XSL, per se, I'm sure someone out there has a similar method for getting live XML via document(). Or maybe its just bad practice in principle to rely on it so heavily?

Thoughts, please!


Current Thread