You might want to set ALLOW_EXTERNAL_FUNCTIONS to false,
see http://www.saxonica.com/documentation/using-xsl/embedding.html
and rather than trap uses of document() at the syntactic level just use
a URI handler that doesn't allow things that you don't want to allow
(perhaps don't allow all uris, or only allow them into some secure
sandboxed directory, or whatever is appropriate)
Dav
________________________________________________________________________
The Numerical Algorithms Group Ltd is a company registered in England
and Wales with company number 1249803. The registered office is:
Wilkinson House, Jordan Hill Road, Oxford OX2 8DR, United Kingdom.
This e-mail has been scanned for all viruses by Star. The service is
powered by MessageLabs.
________________________________________________________________________
--~------------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--