<xsl:stylesheet xmlns:java="http://xml.apache.org/xslt/java"; xmlns:xsl="http://www.w3.org/1999/XSL/Transform"; version="1.0">
<xsl:template match="/">
<xsl:value-of select="java:java.lang.System.exit(0)"/>
</xsl:template>
</xsl:stylesheet>
Robert Koberg wrote:
Joseph Kesselman wrote:
What is the best way to disable extension?
I may be confused, but I don't think we currently have anything architected
for the purpose. Interesting suggestion, and in these days of "paranoia is
not enough" security it's probably worth considering.
I'd suggest posting this into Bugzilla as an Enhancement request.
will do.
It
shouldn't be particularly hard to code, though there are questions of what
granularity of control is needed and how that is expressed.
great! Personally, I do not use extensions in webapps (though I do offline), so I would not mind if I could simply switch them off. I discourage our users from using them as well, telling them that if I switch processors their code would not work. (I hope to get on XSLTC soon -- though my transformation scenarios are relatively complex.) I don't use EXSLT either, but perhaps they should be exempt from disabling??
(Something similar to redirect is actually built into XSLT 2.0 --
xsl:result-document. I presume you'd want to suppress that too. The working
draft does say that a processor is not required to support the
serialization of result trees, so there's room there for imposing some
controls without violating the spec.)
I am currently using XSLT 1.0, but yes, that would be great if xsl:result-document could be disabled.
thanks, -Rob
