-----Original Message-----
From: M. David Peterson [mailto:m(_dot_)david(_at_)xmlhacker(_dot_)com]
On Sun, 16 Sep 2007 03:15:11 -0600, Alain <alainb06(_at_)free(_dot_)fr> wrote:
(unreliable on client-side)
If anyone uses the "unreliable on client-side" argument, question their
motives.
--------------------------
Please keep in mind that Alain paraphrased me on this - I didn't
directly say it anywhere in my response. What I was saying, though, was
that you have much more stability and resources on the server side,
where you know if you're using MSXML or libxslt or Saxon, and can
leverage the power of your transformations against their features. (Even
if those features are nothing more than exsl:node-set().)
-----Original Message-----
From: M. David Peterson [mailto:m(_dot_)david(_at_)xmlhacker(_dot_)com]
Some facts,
[... a great list of points that I wholly agree with ...]
* There are some gotchas.
[... these relate only to the transformations themselves ...]
--~------------------------------------------------------------------
There's another gotcha lurking here, if your transformations are
powerful to the point where you could basically spit the XML-ized
results of a database query (or XQuery) at a browser along with with
your XSLT stylesheet and create your finished, polished page directly
from the data. (This is the best-case scenario, but hear me out.)
In the above case, if you view the source from the browser, you'll see
the raw, unprotected data, since your source is the XML document itself.
In many business cases, there are several parameters and values that
have nothing to do with the presentation of the data, but are crucial to
organizing that data, and should not be available for the user to see
for one reason or another. In your XSLT, you may be discarding these
along the way to presentation, but if you do this on the client side,
you're still including it in the data, and so it'll still be visible to
anyone viewing the site - including, at the absolute worst-case
scenario, Google bots, at which point it's public forever.
This is what I meant when I said "presentational purposes only". If all
that's left to do is take the data that will be displayed on-screen (and
only that data) and make it into a structured, styled HTML document,
then by all means, let the browser take over from there. Until then,
XSLT still has great power server-side in being able to take the raw
data and arrange it in a more meaningful form with respect to the final
result document.
Also, the forms/parameters argument still holds - you can't POST/GET to
an XML document and expect it to have an effect on the transformation,
nor can you store anything on your server. Even a very light
preprocessor scan will still be very useful here, but only on the server
side.
~ Scott
--~------------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--