Schematron and external functions
Posted: Tue Mar 12, 2019 8:43 pm
In a project that was once upon a time validating fine on a Mac (oXygen v. 20), I am now (v. 21 on PC) getting the following message:
I understand that <xsl:result-document> can be dangerous, but what extra measure of security does a framework provide?
I see options for dis/allowing extension function calls with various Saxon engines under XSLT and XQuery operations, but why not allow something analogous at the XML > XML Parser > Schematron tab under Preferences?
I tried unsuccessfully to find some background on this on the oXygenxml.com website. So in the interests of not just myself but other users trying to figure this out, I'll ask here about the rationale.[ISO Schematron] xsl:result-document is disabled when extension functions are disabled. For security reasons the external function calls have been disabled because the Schematron file is not located inside a framework.
I understand that <xsl:result-document> can be dangerous, but what extra measure of security does a framework provide?
I see options for dis/allowing extension function calls with various Saxon engines under XSLT and XQuery operations, but why not allow something analogous at the XML > XML Parser > Schematron tab under Preferences?