Schematron and external functions

whyme
Posts: 89
Joined: Fri Mar 08, 2013 8:58 am

Schematron and external functions

Post by whyme »

In a project that was once upon a time validating fine on a Mac (oXygen v. 20), I am now (v. 21 on PC) getting the following message:
[ISO Schematron] xsl:result-document is disabled when extension functions are disabled. For security reasons the external function calls have been disabled because the Schematron file is not located inside a framework.
I tried unsuccessfully to find some background on this on the oXygenxml.com website. So in the interests of not just myself but other users trying to figure this out, I'll ask here about the rationale.

I understand that <xsl:result-document> can be dangerous, but what extra measure of security does a framework provide?

I see options for dis/allowing extension function calls with various Saxon engines under XSLT and XQuery operations, but why not allow something analogous at the XML > XML Parser > Schematron tab under Preferences?
alex_jitianu
Posts: 1008
Joined: Wed Nov 16, 2005 11:11 am

Re: Schematron and external functions

Post by alex_jitianu »

Hello,

When the Schematron file is not from a safe location it is being run in a sandbox, with limited permissions. Frameworks, for example, are considered safe locations because they either came built-in with Oxygen or the user has installed them himself. The file from within the framework directory can thus be run with full permissions.
What you can do:

1. If you already have a framework then all you have to do is to move that Schematron file inside the framework directory.

2. You can go to Options->Preferences... on page Document Type Association / Locations and just add the directory where the Schematron is located as an additional frameworks directory. Not a very elegant solution but it is a quick fix without any undesired side effects.

3. If you set the system property com.oxygenxml.disable.security=true then Oxygen will not sandbox resources that are not from safe locations. Framework and plugin locations are considered safe.

I will add an issue to offer a check box inside preferences with the same functionality.

Best regards,
Alex
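
A review aid for the workarounds listed above, as an added example that is not part of the original thread and is not Oxygen's code: before a Schematron file is moved into a framework directory, where it runs with full permissions, this lists the `xsl:result-document` elements and non-standard function calls it contains. The `audit_schematron` name and the sample schema are constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
# Namespaces whose functions are standard XPath/XSLT rather than extensions.
STANDARD_NS = {
    "http://www.w3.org/2005/xpath-functions",
    "http://www.w3.org/2005/xpath-functions/math",
    "http://www.w3.org/2005/xpath-functions/map",
    "http://www.w3.org/2005/xpath-functions/array",
    "http://www.w3.org/2001/XMLSchema",
}
CALL = re.compile(r"([A-Za-z_][\w.-]*):([A-Za-z_][\w.-]*)\s*\(")

# Constructed sample: one extension call, one standard call, one result-document.
SAMPLE = """<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform" queryBinding="xslt2">
  <sch:ns prefix="saxon" uri="http://saxon.sf.net/"/>
  <sch:ns prefix="fn" uri="http://www.w3.org/2005/xpath-functions"/>
  <xsl:template name="log"><xsl:result-document href="log.xml"><hit/></xsl:result-document></xsl:template>
  <sch:pattern>
    <sch:rule context="para">
      <sch:let name="where" value="saxon:path()"/>
      <sch:assert test="fn:path() != ''">para must be addressable</sch:assert>
    </sch:rule>
  </sch:pattern>
</sch:schema>"""

def audit_schematron(xml_text):
    """Return sorted findings: ('result-document', '') or ('extension-call', 'prefix:name')."""
    prefixes, findings = {}, set()
    data = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(data, events=("start-ns", "start")):
        if event == "start-ns":          # xmlns:prefix="uri" declaration
            prefixes[item[0]] = item[1]
            continue
        # Schematron binds XPath prefixes with <sch:ns prefix=".." uri=".."/>.
        if item.tag.endswith("}ns") and "prefix" in item.attrib:
            prefixes[item.get("prefix")] = item.get("uri", "")
        if item.tag == "{%s}result-document" % XSLT_NS:
            findings.add(("result-document", ""))
        for value in item.attrib.values():
            for prefix, name in CALL.findall(value):
                # Undeclared prefixes are reported too (conservative choice).
                if prefixes.get(prefix) not in STANDARD_NS:
                    findings.add(("extension-call", f"{prefix}:{name}"))
    return sorted(findings)
```

On the sample it reports `saxon:path` and the `xsl:result-document` element, and stays silent about `fn:path()`.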
dsewell
Posts: 125
Joined: Mon Jun 09, 2003 6:02 pm
Location: Charlottesville, Virginia USA

Re: Schematron and external functions

Post by dsewell »

I have encountered this problem also (trying to use a saxon:path() function inside my Schematron file), and I would also vote for a checkbox on the Schematron preferences page to disable security checking for external functions.
dsewell
Posts: 125
Joined: Mon Jun 09, 2003 6:02 pm
Location: Charlottesville, Virginia USA

Re: Schematron and external functions

Post by dsewell »

(In this case I was able simply to substitute fn:path() for saxon:path() but the general issue remains.)
dsewell wrote: Fri Nov 22, 2019 11:47 pm I have encountered this problem also (trying to use a saxon:path() function inside my Schematron file), and I would also vote for a checkbox on the Schematron preferences page to disable security checking for external functions.
alex_jitianu
Posts: 1008
Joined: Wed Nov 16, 2005 11:11 am

Re: Schematron and external functions

Post by alex_jitianu »

Hi,

I'll add your vote for that check box and I will increase its priority.

Best regards,
Alex
dcramer
Posts: 161
Joined: Sat Aug 28, 2010 1:23 am

Re: Schematron and external functions

Post by dcramer »

+1 for a convenient way to disable this check.
tavy
Posts: 364
Joined: Thu Jul 01, 2004 12:29 pm

Re: Schematron and external functions

Post by tavy »

Hello,

Thanks for your feedback.
I added your vote on the issue. We will update this thread when the issue is solved.

Best Regards,
Octavian