Re: GRDDL literal result element stylesheets from Dominique Hazaël-Massieux on 2004-05-03 (public-rdf-in-xhtml-tf@w3.org from May 2004)

From: Dominique Hazaël-Massieux <dom@w3.org>
Date: Mon, 03 May 2004 10:29:16 +0200
To: bry@itnisk.com
Cc: public-rdf-in-xhtml-tf@w3.org
Message-Id: <1083572955.1292.4860.camel@stratustier>

Le ven 30/04/2004 à 12:11, bry@itnisk.com a écrit :
> Concerning my earlier post as to security 
> problems with the link rel="transform" part 
> of GRDDL it might be better to have a 
> defined grddl grammar that would be 
> interpreted as a literal result element 
> stylesheet, i.e.
> 
> <grddl xmlns="some url that ends with grddl 
> probably" 

Why do you put the result tree in this grddl root element rather than in
a rdf:RDF one?

> Although this makes the xsl-t less powerful 
> it does reduce the security concerns (there 
> are still some but they are rather minor 
> ones)

It does indeed remove the threat of xsl:include and xsl:import. Are
there any other security concerns that alleviated by this form?

Thanks,

Dom
-- 
Dominique Hazaël-Massieux - http://www.w3.org/People/Dom/
W3C/ERCIM
mailto:dom@w3.org

Received on Monday, 3 May 2004 04:29:32 UTC