Re: [xsl] Using xsl:output in browsers, was: Re [xsl] XHTML html validat

Manfred Staudinger wrote:
> False.
Both run the MSXML libraries. Whether you call it ActiveX or 
differently, they are invoked and they are the same. There are several 
ways to find out what IE actually uses. In this age-old article (which 
on a side note advices against PI for a very different reason) it is 
explained how: http://www.perfectxml.com/articles/xml/XSLTInMSXML.asp. 
Only as of IE7, this method of invocation has changed.
> > not popups about ActiveX, but instead, maybe, popups about cross-frame
> > scripting
> No popup in case of iframe.
I meant this: 
http://msdn.microsoft.com/workshop/author/om/xframe_scripting_security.asp 
and this: http://www.greymagic.com/security/advisories/gm011-ie/
You just have to be careful and know thy security restrictions (which 
are tightened in IE7 and FF as compared to IE6). This is even more so 
when you use the result of a transform, which behaves a little different 
in the security contexts (but this is also true for javascript invoked 
transformations).
> You should consider PIs not instead, but in addition to the javascript
> invoked transformation. This way you will gain additional flexibility!
I agree that you can do both, and in certain situations it may be to an 
advantage, but it depends of course.
> You seem not to have explored this path up to now, as many of your 
> arguments
> rely on general considerations, not on concrete experience.
This is MS say on this: "Although the use of processing instructions is 
sometimes discouraged, their loose structure and the flexibility of 
their placement make them useful for sending messages to an application 
without disrupting the flow of XML information." (but in the same 
article they claim to follow the standard, which they - of course - 
don't: 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/html/a3c9b561-c583-4e6b-9ef1-ad19e9c12aa5.asp).

Well, I rather not go too deep into any yes/no discussion (sorry Tommy), 
but I have gone this path too often and it wasn't for me for a plethora 
of reasons. There are ample situations where PI can be handy but it 
gives me the same feeling as GOTO gave me 20 years ago: it works, but 
just isn't "it". A PI is very simple to implement (if you don't care for 
hard-linking, setting your web server to non-standard content-types and 
content negotiation and changing the PI to non-standard values to get it 
working, see http://sourceware.org/ml/xsl-list/2001-12/msg00230.html), 
but the drawbacks and the payoffs are not worth it for me. Every now and 
then I try it again, but it just frustrates me for the lack of 
possibilities and robustness. But hey, that's only an opinion of course.
Perhaps it is worthwhile to create a little list with pros and cons for 
people that are new to the subject so that anyone can decide for his/her 
own situation. I understand that you know pretty much of this type of 
transformation invocation, maybe you can help improving a Wiki article 
on this subject (not yet there).
Abel Braaksma
-- http://xslt.metacarpus.com

--~------------------------------------------------------------------
XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--