Re: [xsl] XSLT 3.0: Question about: Disabling dynamic evalu

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

Subject: Re: XSLT 3.0: Question about: Disabling dynamic evaluation unconditionally
From: "Dimitre Novatchev dnovatchev@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 15 Feb 2015 23:02:47 -0000

Thank you, Dr. Kay,

> I think the working group therefore felt that (a) there should always be
> a way for users (or system managers) to disable the feature,
> and (b) on some environments, such as mobile devices, the feature might not
be available at all.

Then I think the phrase "and they may disable it unconditionally"
reflects the requirement (b) above.

Is my understanding correct?



--
Cheers,
Dimitre Novatchev



On Sun, Feb 15, 2015 at 1:02 PM, Michael Kay mike@xxxxxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> As I understand it, there are two kinds of anxiety about xsl:evaluate that
led to these provisions being included in the spec: anxieties that dynamic
XPath evaluate could cause a security risk (through executing untrusted code),
and anxiety about the necessity to include a complete XPath parser in the
execution environment, especially in environments with limited resources such
as mobile or embedded devices. I think the working group therefore felt that
(a) there should always be a way for users (or system managers) to disable the
feature, and (b) on some environments, such as mobile devices, the feature
might not be available at all.
>
> Michael Kay
> Saxonica
> mike@xxxxxxxxxxxx
> +44 (0) 118 946 5893
>
>
>
>
> On 15 Feb 2015, at 17:52, Dimitre Novatchev dnovatchev@xxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> Hi,
>> At the end of Section "10.4.4 xsl:evaluate as an optional feature" of
>> the 2nd Last Call of the W3C XSLT 3.0 specification
>>
(http://www.w3.org/TR/2014/WD-xslt-30-20141002/#evaluation-as-optional-featur
e)
>> , the last paragraph says:
>>
>> "Processors that implement xsl:evaluate should provide mechanisms
>> allowing calls on xsl:evaluate to be disabled. Implementations may
>> disable the feature by default, and they may disable it
>> unconditionally."
>>
>> My question is:
>> What is meant here by "they may disable it unconditionally" ?
>>
>> Is this something the XSLT processor decides by itself if a certain
>> kind of event occurs, and does disabling the feature "unconditionally"
>> mean that after the disablement, the feature can never be enabled
>> again?
>>
>> --
>> Cheers,
>> Dimitre Novatchev

Current Thread

Re: XSLT 3.0: Question about: Disabling dynamic evaluation unconditionally, (continued)
- Eliot Kimber ekimber@xxxxxxxxxxxx - 15 Feb 2015 18:02:54 -0000
  - Wolfgang Laun wolfgang.laun@xxxxxxxxx - 15 Feb 2015 18:12:49 -0000
    - Dimitre Novatchev dnovatchev@xxxxxxxxx - 15 Feb 2015 18:20:19 -0000
- Michael Kay mike@xxxxxxxxxxxx - 15 Feb 2015 21:02:24 -0000
  - Dimitre Novatchev dnovatchev@xxxxxxxxx - 15 Feb 2015 23:02:47 -0000 <=

<- Previous	Index	Next ->
Re: XSLT 3.0: Question about:, Michael Kay mike@xxx	Thread	Re: Highlighting changes in a, Manuel Souto Pico te
Re: XSLT 3.0: Question about:, Michael Kay mike@xxx	Date	Re: Highlighting changes in a, Manuel Souto Pico te
	Month

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >