- From: <bugzilla@jessica.w3.org>
- Date: Fri, 17 Mar 2017 23:02:58 +0000
- To: public-qt-comments@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29951

Michael Kay <mike@saxonica.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Resolution |FIXED   |---
Status     |CLOSED  |REOPENED

--- Comment #15 from Michael Kay <mike@saxonica.com> ---
I have discovered that the changes were incompletely applied. Although the "saved" option has been dropped, there are still quite a few references to it. Fixing this requires deletion of the following sections of text:

(a) If the delivery format is saved, the value is the absolute URI of the location where the serialized result has been saved. The saved document will not be accessible at this location within the current ·execution scope· (this is to prevent any dependency on order of execution).

(b) The delivery format saved indicates that the transformation should modify the state of the external environment. This has two noteworthy consequences:

    • It creates a potential security risk.
    • The fn:transform function ceases to be a pure function, because it has side-effects.

    Implementations may mitigate these problems in a number of ways, including the following:

    • Use of the delivery-format=saved option may be disallowed, either completely or at user option.
    • The environment that the delivery-format=saved option is allowed to modify may be sand-boxed in some way. For example: resources that are created using this option may be accessible only via some special interface; the resource may become available only on completion of the execution scope in which the fn:transform function is evaluated; or the implementation may prevent the use functions such as fn:doc and fn:collection to access such resources.
    • Creating multiple resources with the same URI may be disallowed.
    • The implementation may define circumstances in which the side-effect of creating external resources is thwarted as a consequence of query optimization (for example, any situation in which a query calls fn:transform but has no functional dependency on the result of the call).
    • There may be restrictions on the URIs that can be used to identify saved resources

(c) Errors FOXT0005 and FOXT0007.

(d) There is also no change log entry for 29951

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Friday, 17 March 2017 23:03:08 UTC