xml-dev - IE6, XSL and The Web (was: RE: [xml-dev] What the .... ? Referencing XSL

IE6, XSL and The Web (was: RE: [xml-dev] What the .... ? Referencing XSL

[ Lists Home | Date Index | Thread Index ]

To: <jim@anconafamily.com>,<xml-dev@lists.xml.org>
Subject: IE6, XSL and The Web (was: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains)
From: "Sebastian Schnitzenbaumer" <schnitz@mozquito.com>
Date: Thu, 8 Aug 2002 19:08:38 +0200
Thread-index: AcI+9hj4xbHtEFLaQI2T9HcoOgiJ7QAA7Zq5
Thread-topic: [xml-dev] What the .... ? Referencing XSL stylesheets across domains

Jim, first of all, thank you so much for the pointers.
 
This is just awful. It really hurts. This essentially nukes
an entire branch of applications. It prevents us now from
fully taking advantage of the seperation between data
and presentation.
 
It is a feature, not a bug, to have data and presentation
in different locations, different locations *on the web*. 
And this feature is so much bigger than allowing some 
script hacking inside XSL thru <msxsl:script>.
 
I'm angry, frustrated and very sad about this observation,
 
- Sebastian
 

	-----Ursprüngliche Nachricht----- 
	Von: Jim Ancona 
	Gesendet: Do 08.08.2002 18:10 
	An: xml-dev@lists.xml.org 
	Cc: Sebastian Schnitzenbaumer 
	Betreff: RE: [xml-dev] What the .... ? Referencing XSL
stylesheets across domains
	
	

	--- Sebastian Schnitzenbaumer <schnitz@mozquito.com> wrote:
	> http://markuplanguage.oss4u.de/test3.xml
	> references
http://www.w3.org/Style/XSL/stylesheets/public2html.xsl
	> 
	> This works in Mozilla (the result looks bogus, I'm just
testing), my IE6
	> says access denied. I just want to hear from someone "yes,
this is true,
	> we've known this for years, or, no, actually it does work, you
must
	> have some other bug". Please let me know...
	
	Note that MSDN[1] says the URI in the xsl-stylesheet PI "is the
Uniform
	Resource Identifier (URI) of the style sheet. This URI is
relative to the
	location of the XML document itself." The W3C REC that defines
the PI[2] has no
	such restriction.
	
	Since Microsoft allows the <msxsl:script> extension which
permits embedded
	script code in stylesheets, it might be that this behavior is
designed to
	prevent some kind of cross-site scripting exploit.
	
	Jim
	
	[1] -
	
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/
htm/xml_concepts_369f.asp
	
	[2] - http://www.w3.org/TR/xml-stylesheet/
	
	=====
	Jim Ancona
	jim@anconafamily.com                     jancona@xevo.com
	
	__________________________________________________
	Do You Yahoo!?
	HotJobs - Search Thousands of New Jobs
	http://www.hotjobs.com

Follow-Ups:
- Re: [xml-dev] IE6, XSL and The Web (was: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains)
  - From: "George Cristian Bina" <george@sync.ro>
- Re: [xml-dev] IE6, XSL and The Web (was: RE: [xml-dev] What the .... ?Referencing XSL stylesheets across domains)
  - From: "Thomas B. Passin" <tpassin@comcast.net>

Prev by Date: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
Next by Date: Re: [xml-dev] IE6, XSL and The Web (was: RE: [xml-dev] What the .... ?Referencing XSL stylesheets across domains)
Previous by thread: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
Next by thread: Re: [xml-dev] IE6, XSL and The Web (was: RE: [xml-dev] What the .... ?Referencing XSL stylesheets across domains)
Index(es):
- Date
- Thread