[
Lists Home |
Date Index |
Thread Index
]
- To: "Murali Mani" <mani@CS.UCLA.EDU>
- Subject: RE: [xml-dev] Word 2003 schemas available
- From: "Michael Rys" <mrys@microsoft.com>
- Date: Tue, 18 Nov 2003 10:52:37 -0800
- Cc: <xml-dev@lists.xml.org>
- Thread-index: AcOuAjnYI72W6fk8T5C04/HZHV7gGQAAiHmA
- Thread-topic: [xml-dev] Word 2003 schemas available
The point regarding PIs is that it is just markup and has no semantics.
Only a processor that sees the PI and understands its target will act on
it. It does not introduce "code" into XML any more or any less than an
element with a specific markup.
For example, for SQL Server 2000 we designed a so called SQLXML
template: an XML file that contains markup with special names that
execute a query against a database. We decided to use a special
namespace and XML elements for giving this information, but
theoretically, we could have used processing-instructions as well. XSLT
processors for example interpret a special PI as an instruction to
transform an XML document containing that PI using the indicated XSLT
transform. Theoretically, XSLT could have chosen an XML element in a
special namespace for doing so.
There are some trade-offs to be made, but neither approach is more or
less secure per se.
Best regards
Michael
> -----Original Message-----
> From: Murali Mani [mailto:mani@CS.UCLA.EDU]
> Sent: Tuesday, November 18, 2003 10:32 AM
> To: Michael Rys
> Cc: xml-dev@lists.xml.org
> Subject: RE: [xml-dev] Word 2003 schemas available
>
>
> On Tue, 18 Nov 2003, Michael Rys wrote:
>
> > [Michael Rys] You mean like the format used in the .doc files? :-)
> >
> > Binary XML in my opinion flies in the face of loosely-coupled
> > interoperability. By adding a "standard" binary XML format (be it
> > based on ASN PER/BER or some other scheme) the interoperability gets
> > bifurcated and the advantage of a single, auditable, interoperable
> > format to be used in loosely-coupled environments disappears. In
> > closely-coupled systems, you can use something else than XML (or a
> > binary format). Since the coupling is closed, you do not need to
> > follow a standard (although there are some reasons why you still may
> > use XML).
>
> very true, if MS Office wants to define an interface for other
> applications, well and good. Why should we look into the inner
functioning
> of MS Office?? But as Len pointed out, there needs to be standard
binary
> format for other cases??
>
> > [Michael Rys] A processing instruction is just a special form of
> > Markup. The software needs to understand it to do anything with it.
So
> > if the software understands a dangerous PI, then you may have a
> > security issue, if the software does not understand any PI, then you
> > should not.
>
> Regarding PIs, however, I am still not convinced totally. If I have a
> latex file and I compile it, all I can get is a dvi file. However,
there
> are chances of overlooked sideeffects when we have a s/w that
"compiles"
> an XML document..?? the s/w needs to know to handle the PI, but
still...
>
> Anyways, best, murali.
>
|
