OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains

[ Lists Home | Date Index | Thread Index ]

--- Dare Obasanjo <dareo@microsoft.com> wrote:
> Security and convenience are a continuom. In today's internet connected
> world, one typically has to trade up some convenience if they want security.
> We are all witnesses to what happened when Microsoft leaned more towards
> convenience than security in our products. I'm quite glad that we've decided
> to shift to the other side and trade up convenience for more security. 

First of all, can anyone confirm that this restriction is in fact intended to
prevent some sort of attack? I think I'm the person who originally suggested
that might be the reason, but I have no idea if that is in fact the case. 

Second, if script in stylesheets is the problem, then the issue is with
Microsoft's extensions to XSLT, not XSLT itself. In that case, a better
solution might be to disable those scripting extensions in stylesheets from a
foreign domain, not refuse to load the stylesheet at all.

Jim


=====
Jim Ancona
jim@anconafamily.com                     jancona@xevo.com

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS