W3C home > Mailing lists > Public > public-qt-comments@w3.org > October 2016

[Bug 29951] [FO31] fn-transform "saved"

From: <bugzilla@jessica.w3.org>
Date: Mon, 31 Oct 2016 17:56:54 +0000
To: public-qt-comments@w3.org
Message-ID: <bug-29951-523-DWWL5TydeQ@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29951

--- Comment #3 from Michael Kay <mike@saxonica.com> ---
Suggested resolution is to add:

The delivery format "saved" indicates that the transformation should modify the
state of the external environment. This has two noteworthy consequences:

(a) it create a potential security risk.

(b) the fn:transform function ceases to be a pure function, because it has
side-effects.

Implementations may mitigate these problems in a number of ways, including the
following:

(i) use of the "saved" option may be disallowed, either completely or at user
option

(ii) the environment that the "saved" option is allowed to modify may be
sand-boxed in some way. For example: resources that are created using this
option may be accessible only via some special interface; the resource may
become available only on completion of the execution scope in which the
fn:transform function is evaluated; or the implementation may prevent access to
such resources using functions such as fn:doc and fn:collection.

(iii) creating multiple resources with the same URI may be disallowed.

(iv) the implementation may define circumstances in which the side-effect of
creating external resources does not happen as a consequence of query
optimization (for example, any situation in which a query calls fn:transform
but has no functional dependency on the result of the call.) 

(v) there may be restrictions on the URIs that can be used to identify saved
resources. 

Add error code FOXT0007: The transformation uses delivery-format="saved" in a
way that violates implementation-defined constraints on the use of this option.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Monday, 31 October 2016 17:57:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 31 October 2016 17:57:02 UTC