[
Lists Home |
Date Index |
Thread Index
]
--- Dare Obasanjo <dareo@microsoft.com> wrote:
> Security and convenience are a continuom. In today's internet connected
> world, one typically has to trade up some convenience if they want security.
> We are all witnesses to what happened when Microsoft leaned more towards
> convenience than security in our products. I'm quite glad that we've decided
> to shift to the other side and trade up convenience for more security.
First of all, can anyone confirm that this restriction is in fact intended to
prevent some sort of attack? I think I'm the person who originally suggested
that might be the reason, but I have no idea if that is in fact the case.
Second, if script in stylesheets is the problem, then the issue is with
Microsoft's extensions to XSLT, not XSLT itself. In that case, a better
solution might be to disable those scripting extensions in stylesheets from a
foreign domain, not refuse to load the stylesheet at all.
Jim
=====
Jim Ancona
jim@anconafamily.com jancona@xevo.com
__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
|
