- From: <bugzilla@jessica.w3.org>
- Date: Mon, 31 Oct 2016 17:56:54 +0000
- To: public-qt-comments@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29951

--- Comment #3 from Michael Kay <mike@saxonica.com> ---

Suggested resolution is to add:

The delivery format "saved" indicates that the transformation should modify the state of the external environment. This has two noteworthy consequences:

(a) it creates a potential security risk.

(b) the fn:transform function ceases to be a pure function, because it has side-effects.

Implementations may mitigate these problems in a number of ways, including the following:

(i) use of the "saved" option may be disallowed, either completely or at user option

(ii) the environment that the "saved" option is allowed to modify may be sand-boxed in some way. For example: resources that are created using this option may be accessible only via some special interface; the resource may become available only on completion of the execution scope in which the fn:transform function is evaluated; or the implementation may prevent access to such resources using functions such as fn:doc and fn:collection.

(iii) creating multiple resources with the same URI may be disallowed.

(iv) the implementation may define circumstances in which the side-effect of creating external resources does not happen as a consequence of query optimization (for example, any situation in which a query calls fn:transform but has no functional dependency on the result of the call.)

(v) there may be restrictions on the URIs that can be used to identify saved resources.

Add error code FOXT0007: The transformation uses delivery-format="saved" in a way that violates implementation-defined constraints on the use of this option.

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Monday, 31 October 2016 17:57:01 UTC
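
A sketch of how a processor could enforce mitigations (i), (iii) and (v) from the comment above and signal the proposed FOXT0007. This is an added example, not part of the original message and not any processor's code; the names SavedResultPolicy and TransformError, the sandbox directory, and the restriction to local file: URIs on a POSIX filesystem are assumptions.

```python
import os
from urllib.parse import urlsplit, unquote


class TransformError(Exception):
    """Hypothetical error type carrying an XPath error code."""
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code


class SavedResultPolicy:
    """Hypothetical gate for delivery-format="saved": mitigations (i), (iii), (v)."""

    def __init__(self, sandbox_root, allow_saved=True):
        self.root = os.path.realpath(sandbox_root)
        self.allow_saved = allow_saved
        self._seen = set()  # resources already written in this execution scope

    def _deny(self, why):
        raise TransformError("FOXT0007", why)

    def authorize(self, uri):
        """Return the confined filesystem path for uri, or raise FOXT0007."""
        if not self.allow_saved:                                # mitigation (i)
            self._deny('delivery-format="saved" is disabled')
        parts = urlsplit(uri)
        if parts.scheme != "file" or parts.netloc not in ("", "localhost"):
            self._deny(f"only local file: URIs may be saved: {uri}")    # (v)
        path = unquote(parts.path)  # decode %2e%2e and similar before checking
        if "\x00" in path:
            self._deny("NUL byte in URI path")
        # realpath collapses ".." and follows symlinks before the containment test
        target = os.path.realpath(path)
        if target == self.root or os.path.commonpath([self.root, target]) != self.root:
            self._deny(f"URI does not name a resource inside the sandbox: {uri}")
        if target in self._seen:                                # mitigation (iii)
            self._deny(f"resource already created in this scope: {uri}")
        self._seen.add(target)
        return target


if __name__ == "__main__":
    policy = SavedResultPolicy("/srv/xslt-out")  # constructed sandbox directory
    for uri in ("file:///srv/xslt-out/a.xml", "file:///srv/xslt-out/a.xml",
                "file:///srv/xslt-out/%2e%2e/b.xml", "http://example.org/c.xml"):
        try:
            print("allowed:", policy.authorize(uri))
        except TransformError as err:
            print("denied: ", err)
```

The caller writes only to the path that authorize returns, so the containment check and the write operate on the same resolved location.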