[XSL-LIST Mailing List Archive Home] [By Thread] [By Date]

Re: [xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter

Subject: Re: [xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter
From: "Michael Kay mike@xxxxxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Nov 2014 09:51:38 -0000

We ought really to make a more careful distinction between "visibility to the
calling application" and "visibility to a using package". Stylesheet
parameters are not visible to a using package (because we want to allow
packages to be compiled independently of each other), but they are visible to
the calling application (because otherwise they would be pointless).

The two ideas are related, for example we only allow the application to invoke
a named template or a function as an entry point if it has public (or final)
visibility, but they are not identical.

Michael Kay
Saxonica
mike@xxxxxxxxxxxx
+44 (0) 118 946 5893

On 21 Nov 2014, at 06:37, Dimitre Novatchev dnovatchev@xxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> In section  3.14.2 "Shadow Attributes"  the 2nd example: "Example:
> Using Shadow Attributes to Parameterize Selection of Elements", shows
> how to produce a report giving information about selected employees.
> The predicate defining which employees are to be included in the
> report is supplied (as a string containing an XPath expression) in a
> static stylesheet parameter.
>
> A note at the end of the example contains this text:
>
> "The stylesheet function local:filter is used here in preference to
> direct use of the supplied predicate within the select attribute of
> the xsl:apply-templates instruction because it reduces exposure to
> code injection attacks".
>
> Because "injection attacks" are said to be possible, this means that
> it is assumed that the value of the static stylesheet parameter will
> be supplied by the initiator of the transformation.
>
> However, in other parts of the specification
> (http://www.w3.org/TR/2014/WD-xslt-30-20141002/#static-params), it is
> postulated, that the visibility of a static parameter must always be
> private.
>
> My question is:  Is the expectation that it is possible to supply a
> value to the static stylesheet parameter correct, and if yes, doesn't
> this contradict the definition of the visibility of a static parameter
> as always private?
>
>
> --
> Cheers,
> Dimitre Novatchev

Current Thread
[xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter Dimitre Novatchev dnovatchev@xxxxxxxxx - 21 Nov 2014 06:37:07 -0000 Michael Kay mike@xxxxxxxxxxxx - 21 Nov 2014 09:51:38 -0000 <= Dimitre Novatchev dnovatchev@xxxxxxxxx - 21 Nov 2014 15:09:26 -0000 Michael Kay mike@xxxxxxxxxxxx - 21 Nov 2014 15:23:24 -0000 Message not available Message not available Message not available Message not available Michael Kay mike@xxxxxxxxxxxx - 21 Nov 2014 15:29:35 -0000

Current Thread

[xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter
- Dimitre Novatchev dnovatchev@xxxxxxxxx - 21 Nov 2014 06:37:07 -0000
  - Michael Kay mike@xxxxxxxxxxxx - 21 Nov 2014 09:51:38 -0000 <=
    - Dimitre Novatchev dnovatchev@xxxxxxxxx - 21 Nov 2014 15:09:26 -0000
      - Michael Kay mike@xxxxxxxxxxxx - 21 Nov 2014 15:23:24 -0000
  - Message not available
    - Message not available
      - Message not available
      - Message not available
      - Michael Kay mike@xxxxxxxxxxxx - 21 Nov 2014 15:29:35 -0000

<- Previous	Index	Next ->
[xsl] XSLT3.0: Question about shado, Dimitre Novatchev dn	Thread	Re: [xsl] XSLT3.0: Question about s, Dimitre Novatchev dn
[xsl] XSLT3.0: Question about shado, Dimitre Novatchev dn	Date	Re: [xsl] XSLT3.0: Question about s, Dimitre Novatchev dn
	Month

Keywords

xpath

Re: [xsl] XSLT3.0: Question about shadow attributes and the possibility to supply value to a static parameter

Products

Features

Shop

Resources

Support

Company