[
Lists Home |
Date Index |
Thread Index
]
Hi Liam,
Liam said:
I suspect there would be strong
resistance to requiring that every XSLT implementation also implemented
all of XML Query :-)
Didier replies:
Do you mean from the XSLT WG or the XML community or perhaps both?
Liam said:
The ability to do POST http transactions can be a security problem --
a program that can write more or less arbitrary text to any host on
any port can be used to send email, for example. So this is not
something I'd necessarily want in a browser-side XSLT implementation.
Didier replies:
Off course, POST could be used for any kind of things and the treat exist
with a simple HTML form. The whole issues is, several mean to access data
are based on HTTP POST. Usually for security reasons, the POST being used to
carry the userID and Password. In other cases, the POST is used for
processing, a document fragment is sent for processing and an other
transformed or augmented fragment is returned. These are actual capabilities
that any HTML browser can have access too. This is why I said that POST
would be very useful and won't allow stylesheet to do any more harm than
what the actual browsers can do.
Cheers
Didier
-------------------------------------------------------------
Didier PH Martin http://didier-martin.com
OpenJade Project http://dsssl.netfolder.com
Coming soon.... http://xml.netfolder.com
Coming soon.... http://blog.didier-martin.com
-------------------------------------------------------------
|
