What is the best way to disable extension?
I may be confused, but I don't think we currently have anything architected for the purpose. Interesting suggestion, and in these days of "paranoia is not enough" security it's probably worth considering.
I'd suggest posting this into Bugzilla as an Enhancement request.
will do.
It shouldn't be particularly hard to code, though there are questions of what granularity of control is needed and how that is expressed.
great! Personally, I do not use extensions in webapps (though I do offline), so I would not mind if I could simply switch them off. I discourage our users from using them as well, telling them that if I switch processors their code would not work. (I hope to get on XSLTC soon -- though my transformation scenarios are relatively complex.) I don't use EXSLT either, but perhaps they should be exempt from disabling??
(Something similar to redirect is actually built into XSLT 2.0 -- xsl:result-document. I presume you'd want to suppress that too. The working draft does say that a processor is not required to support the serialization of result trees, so there's room there for imposing some controls without violating the spec.)
I am currently using XSLT 1.0, but yes, that would be great if xsl:result-document could be disabled.
thanks, -Rob
