- From: Chimezie Ogbuji <ogbujic@bio.ri.ccf.org>
- Date: Thu, 25 Jan 2007 13:58:52 -0500 (EST)
- To: Ian Davis <Ian.Davis@talis.com>
- cc: Jeremy Carroll <jjc@hpl.hp.com>, public-grddl-wg@w3.org, "McBride, Brian" <brian.mcbride@hp.com>
On Thu, 25 Jan 2007, Ian Davis wrote:
> Neat.
>
>> Three of these tests explore security issues.
>> I would like the jena implementation to refuse to honour the
>> document() function at all, and disable some 'unsafe' XSLT2 features.
>
> While I think that's an understandable approach it would preclude
> documents from referencing external descriptions of the RDF patterns. As
> a concrete example, I'm currently mulling over an alternative to
> Embedded RDF that allows the specification of markup semantics to be
> declared in an external file. The advantages of this approach are
> similar to those you get with referencing a single external CSS rather
> than having it inline in every document on a site, i.e. reusability and
> separation of concerns. To support this via GRDDL and XSLT I'd need to
> use the document function to access and parse the external metadata
> description.
>

I believe I've sent an email on this before, but it's common practice for XSLT implementations to enact certain security restrictions by default (such as disabling the use of the document() function) - MSXML in particular.

Chimezie Ogbuji
Lead Systems Analyst
Thoracic and Cardiovascular Surgery
Cleveland Clinic Foundation
9500 Euclid Avenue/ W26
Cleveland, Ohio 44195
Office: (216)444-8593
ogbujic@ccf.org
Received on Thursday, 25 January 2007 19:14:30 UTC
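
The restriction discussed in this message, sketched with the standard JAXP API as an added example (not code from this thread or from Jena; requires Java 9 or later). The class name, the VETTED map and the example.org URIs are assumptions made for illustration: document(), xsl:import and xsl:include are served only from vetted local copies, matched on the exact absolute URI, and every other target is refused without any fetch.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class RestrictedGrddlTransform {
    static final String XSL_NS = "http://www.w3.org/1999/XSL/Transform";

    // Constructed sample: vetted local copies of external descriptions,
    // keyed by the absolute URI a transform is allowed to name.
    static final Map<String, String> VETTED = Map.of(
        "http://example.org/patterns.xml", "<patterns><p/><p/></patterns>");

    // Serves vetted copies only. Any other target is refused and nothing is
    // fetched. XSLT 1.0 lets a processor either signal an error or recover
    // with an empty node-set when document() cannot retrieve a resource.
    static final URIResolver VETTED_ONLY = (href, base) -> {
        String body = VETTED.get(href);
        if (body == null) {
            throw new TransformerException("refused external reference: " + href);
        }
        return new StreamSource(new StringReader(body), href);
    };

    static String run(String xslt, String input) throws TransformerException {
        TransformerFactory factory = TransformerFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setURIResolver(VETTED_ONLY);      // xsl:import and xsl:include
        Transformer t = factory.newTransformer(new StreamSource(new StringReader(xslt)));
        t.setURIResolver(VETTED_ONLY);            // document()
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(input)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) {
        String template = "<xsl:stylesheet version='1.0' xmlns:xsl='" + XSL_NS + "'>"
            + "<xsl:template match='/'><n><xsl:value-of select=\"count(document('%s')//p)\"/></n>"
            + "</xsl:template></xsl:stylesheet>";
        for (String uri : new String[] {"http://example.org/patterns.xml", "http://example.org/other.xml"}) {
            try {
                System.out.println(uri + " -> " + run(String.format(template, uri), "<doc/>"));
            } catch (TransformerException e) {
                System.out.println(uri + " -> transform aborted: " + e.getMessage());
            }
        }
    }
}
```

Whether the refused URI aborts the transform or yields an empty node-set depends on the XSLT processor on the classpath, so check both paths when testing a GRDDL-aware agent.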