- From: Dominique Hazaël-Massieux <dom@w3.org>
- Date: Mon, 03 May 2004 10:29:16 +0200
- To: bry@itnisk.com
- Cc: public-rdf-in-xhtml-tf@w3.org
Received on Monday, 3 May 2004 04:29:32 UTC
Le ven 30/04/2004 à 12:11, bry@itnisk.com a écrit : > Concerning my earlier post as to security > problems with the link rel="transform" part > of GRDDL it might be better to have a > defined grddl grammar that would be > interpreted as a literal result element > stylesheet, i.e. > > <grddl xmlns="some url that ends with grddl > probably" Why do you put the result tree in this grddl root element rather than in a rdf:RDF one? > Although this makes the xsl-t less powerful > it does reduce the security concerns (there > are still some but they are rather minor > ones) It does indeed remove the threat of xsl:include and xsl:import. Are there any other security concerns that alleviated by this form? Thanks, Dom -- Dominique Hazaël-Massieux - http://www.w3.org/People/Dom/ W3C/ERCIM mailto:dom@w3.org
Received on Monday, 3 May 2004 04:29:32 UTC