On Thu, 25 Jan 2007, Ian Davis wrote: > Neat. > >> Three of these tests explore security issues. >> I would like the jena implementation to refuse to honour the >> document() function at all, and disable some 'unsafe' XSLT2 features. > > While I think that's an understandable approach it would preclude > documents from referencing external descriptions of the RDF patterns. As > a concrete example, I'm currently mulling over an alternative to > Embedded RDF that allows the specification of markup semantics to be > declared in an external file. The advantages of this approach are > similar to those you get with referencing a single external CSS rather > than having it inline in every document on a site, i.e. reusablity and > seperation of concerns. To support this via GRDDL and XSLT I'd need to > use the document function to access and parse the external metadata > description. > I believe I've sent an email on this before, but it's common practice for XSLT implemetations to enact certain security restrictions by default (such as disabling the use the document() function) - MSXML in particular. Chimezie Ogbuji Lead Systems Analyst Thoracic and Cardiovascular Surgery Cleveland Clinic Foundation 9500 Euclid Avenue/ W26 Cleveland, Ohio 44195 Office: (216)444-8593 ogbujic@ccf.orgReceived on Thursday, 25 January 2007 19:14:30 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:11:47 GMT