[XSL-LIST Mailing List Archive Home] [By Thread] [By Date]

Re: [xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter


Subject: Re: [xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter
From: "Dimitre Novatchev dnovatchev@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Nov 2014 15:09:26 -0000

On Fri, Nov 21, 2014 at 1:51 AM, Michael Kay <mike@xxxxxxxxxxxx> wrote:
> We ought really to make a more careful distinction between "visibility to
the calling application" and "visibility to a using package".
> Stylesheet parameters are not visible to a using package (because we want to
allow packages to be compiled independently of each other),
> but they are visible to the calling application (because otherwise they
would be pointless).

What if the value of a static stylesheet parameter was used to make
compile-time decisions (as in the "use-when" attribute on an
"xsl:import" declaration)? Wouldn't providing by the caller a
different value for this static parameter require a new compilation of
the already compiled package?

Cheers,
Dimitre

On Fri, Nov 21, 2014 at 1:51 AM, Michael Kay mike@xxxxxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> We ought really to make a more careful distinction between "visibility to
the calling application" and "visibility to a using package". Stylesheet
parameters are not visible to a using package (because we want to allow
packages to be compiled independently of each other), but they are visible to
the calling application (because otherwise they would be pointless).
>
> The two ideas are related, for example we only allow the application to
invoke a named template or a function as an entry point if it has public (or
final) visibility, but they are not identical.
>
> Michael Kay
> Saxonica
> mike@xxxxxxxxxxxx
> +44 (0) 118 946 5893
>
>
>
>
> On 21 Nov 2014, at 06:37, Dimitre Novatchev dnovatchev@xxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> In section  3.14.2 "Shadow Attributes"  the 2nd example: "Example:
>> Using Shadow Attributes to Parameterize Selection of Elements", shows
>> how to produce a report giving information about selected employees.
>> The predicate defining which employees are to be included in the
>> report is supplied (as a string containing an XPath expression) in a
>> static stylesheet parameter.
>>
>> A note at the end of the example contains this text:
>>
>> "The stylesheet function local:filter is used here in preference to
>> direct use of the supplied predicate within the select attribute of
>> the xsl:apply-templates instruction because it reduces exposure to
>> code injection attacks".
>>
>> Because "injection attacks" are said to be possible, this means that
>> it is assumed that the value of the static stylesheet parameter will
>> be supplied by the initiator of the transformation.
>>
>> However, in other parts of the specification
>> (http://www.w3.org/TR/2014/WD-xslt-30-20141002/#static-params), it is
>> postulated, that the visibility of a static parameter must always be
>> private.
>>
>> My question is:  Is the expectation that it is possible to supply a
>> value to the static stylesheet parameter correct, and if yes, doesn't
>> this contradict the definition of the visibility of a static parameter
>> as always private?
>>
>>
>> --
>> Cheers,
>> Dimitre Novatchev
>>
>



--
Cheers,
Dimitre Novatchev
---------------------------------------
Truly great madness cannot be achieved without significant intelligence.
---------------------------------------
To invent, you need a good imagination and a pile of junk
-------------------------------------
Never fight an inanimate object
-------------------------------------
To avoid situations in which you might make mistakes may be the
biggest mistake of all
------------------------------------
Quality means doing it right when no one is looking.
-------------------------------------
You've achieved success in your field when you don't know whether what
you're doing is work or play
-------------------------------------
To achieve the impossible dream, try going to sleep.
-------------------------------------
Facts do not cease to exist because they are ignored.
-------------------------------------
Typing monkeys will write all Shakespeare's works in 200yrs.Will they
write all patents, too? :)
-------------------------------------
I finally figured out the only reason to be alive is to enjoy it.


Current Thread
Keywords