
   IE6, XSL and The Web (was: RE: [xml-dev] What the .... ? Referencing XSL

  • To: <jim@anconafamily.com>,<xml-dev@lists.xml.org>
  • Subject: IE6, XSL and The Web (was: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains)
  • From: "Sebastian Schnitzenbaumer" <schnitz@mozquito.com>
  • Date: Thu, 8 Aug 2002 19:08:38 +0200
  • Thread-index: AcI+9hj4xbHtEFLaQI2T9HcoOgiJ7QAA7Zq5
  • Thread-topic: [xml-dev] What the .... ? Referencing XSL stylesheets across domains

Jim, first of all, thank you so much for the pointers.
 
This is just awful. It really hurts. This essentially nukes
an entire branch of applications. It prevents us now from
fully taking advantage of the separation between data
and presentation.
 
It is a feature, not a bug, to have data and presentation
in different locations, different locations *on the web*. 
And this feature is so much bigger than allowing some 
script hacking inside XSL thru <msxsl:script>.
 
I'm angry, frustrated and very sad about this observation,
 
- Sebastian
 

	-----Original Message----- 
	From: Jim Ancona 
	Sent: Thu 08.08.2002 18:10 
	To: xml-dev@lists.xml.org 
	Cc: Sebastian Schnitzenbaumer 
	Subject: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
	
	

	--- Sebastian Schnitzenbaumer <schnitz@mozquito.com> wrote:
	> http://markuplanguage.oss4u.de/test3.xml
	> references http://www.w3.org/Style/XSL/stylesheets/public2html.xsl
	> 
	> This works in Mozilla (the result looks bogus, I'm just testing), my IE6
	> says access denied. I just want to hear from someone "yes, this is true,
	> we've known this for years, or, no, actually it does work, you must
	> have some other bug". Please let me know...
	
	Note that MSDN[1] says the URI in the xsl-stylesheet PI "is the Uniform
	Resource Identifier (URI) of the style sheet. This URI is relative to the
	location of the XML document itself." The W3C REC that defines the PI[2] has no
	such restriction.
	
	Since Microsoft allows the <msxsl:script> extension which permits embedded
	script code in stylesheets, it might be that this behavior is designed to
	prevent some kind of cross-site scripting exploit.
	
	Jim
	
	[1] - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/htm/xml_concepts_369f.asp
	
	[2] - http://www.w3.org/TR/xml-stylesheet/
	
	=====
	Jim Ancona
	jim@anconafamily.com                     jancona@xevo.com
	
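One way to audit documents for the situation discussed in this thread, as an added example that is not part of the original messages: it resolves each xml-stylesheet href against the document URL, flags references that leave the document's origin, and checks a stylesheet for the <msxsl:script> extension. The function names, the sample document body, the second PI and the sample stylesheet are constructed for illustration, and the origin comparison is an assumption, not a reproduction of IE6's actual rule.

```python
import re
from urllib.parse import urljoin, urlsplit
from xml.dom import minidom, Node

MSXSL_NS = "urn:schemas-microsoft-com:xslt"  # namespace of <msxsl:script>
DEFAULT_PORTS = {"http": 80, "https": 443}
PSEUDO_ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

def origin(url):
    """Return the (scheme, host, port) triple compared by a same-origin rule."""
    p = urlsplit(url)
    return (p.scheme, p.hostname or "", p.port or DEFAULT_PORTS.get(p.scheme))

def stylesheet_refs(xml_text, doc_url):
    """List (absolute_href, cross_origin) for each xml-stylesheet PI in the prolog."""
    # minidom is not hardened against malicious XML; use a hardened parser for untrusted input.
    refs = []
    for node in minidom.parseString(xml_text).childNodes:
        if node.nodeType == Node.ELEMENT_NODE:
            break  # the PI is only allowed before the document element
        if node.nodeType != Node.PROCESSING_INSTRUCTION_NODE or node.target != "xml-stylesheet":
            continue
        attrs = {m[1]: m[2] if m[2] is not None else m[3]
                 for m in PSEUDO_ATTR.finditer(node.data)}
        if "href" in attrs:
            href = urljoin(doc_url, attrs["href"])  # relative hrefs resolve against the document
            refs.append((href, origin(href) != origin(doc_url)))
    return refs

def has_msxsl_script(xslt_text):
    """True if the stylesheet embeds script through the <msxsl:script> extension."""
    doc = minidom.parseString(xslt_text)
    return len(doc.getElementsByTagNameNS(MSXSL_NS, "script")) > 0

# Constructed sample: the two URLs are the ones quoted in the thread; the document
# body, the second PI and the stylesheet below are made up for illustration.
DOC_URL = "http://markuplanguage.oss4u.de/test3.xml"
SAMPLE_DOC = """<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="http://www.w3.org/Style/XSL/stylesheets/public2html.xsl"?>
<?xml-stylesheet type='text/xsl' href='local.xsl'?>
<doc/>"""
SAMPLE_XSLT = """<xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt">
  <msxsl:script language="JScript">function f() { return 1; }</msxsl:script>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for href, cross in stylesheet_refs(SAMPLE_DOC, DOC_URL):
        print("cross-origin" if cross else "same-origin ", href)
    print("msxsl:script present:", has_msxsl_script(SAMPLE_XSLT))
```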
	





 
