On Fri, Nov 21, 2014 at 1:51 AM, Michael Kay <mike(_at_)saxonica(_dot_)com>
wrote:
We ought really to make a more careful distinction between "visibility to the
calling application" and "visibility to a using package".
Stylesheet parameters are not visible to a using package (because we want to
allow packages to be compiled independently of each other),
but they are visible to the calling application (because otherwise they would
be pointless).
What if the value of a static stylesheet parameter was used to make
compile-time decisions (as in the "use-when" attribute on an
"xsl:import" declaration)? Wouldn't providing by the caller a
different value for this static parameter require a new compilation of
the already compiled package?
Cheers,
Dimitre
On Fri, Nov 21, 2014 at 1:51 AM, Michael Kay mike(_at_)saxonica(_dot_)com
<xsl-list-service(_at_)lists(_dot_)mulberrytech(_dot_)com> wrote:
We ought really to make a more careful distinction between "visibility to the
calling application" and "visibility to a using package". Stylesheet
parameters are not visible to a using package (because we want to allow
packages to be compiled independently of each other), but they are visible to
the calling application (because otherwise they would be pointless).
The two ideas are related, for example we only allow the application to
invoke a named template or a function as an entry point if it has public (or
final) visibility, but they are not identical.
Michael Kay
Saxonica
mike(_at_)saxonica(_dot_)com
+44 (0) 118 946 5893
On 21 Nov 2014, at 06:37, Dimitre Novatchev dnovatchev(_at_)gmail(_dot_)com
<xsl-list-service(_at_)lists(_dot_)mulberrytech(_dot_)com> wrote:
In section 3.14.2 "Shadow Attributes" the 2nd example: "Example:
Using Shadow Attributes to Parameterize Selection of Elements", shows
how to produce a report giving information about selected employees.
The predicate defining which employees are to be included in the
report is supplied (as a string containing an XPath expression) in a
static stylesheet parameter.
A note at the end of the example contains this text:
"The stylesheet function local:filter is used here in preference to
direct use of the supplied predicate within the select attribute of
the xsl:apply-templates instruction because it reduces exposure to
code injection attacks".
Because "injection attacks" are said to be possible, this means that
it is assumed that the value of the static stylesheet parameter will
be supplied by the initiator of the transformation.
However, in other parts of the specification
(http://www.w3.org/TR/2014/WD-xslt-30-20141002/#static-params), it is
postulated, that the visibility of a static parameter must always be
private.
My question is: Is the expectation that it is possible to supply a
value to the static stylesheet parameter correct, and if yes, doesn't
this contradict the definition of the visibility of a static parameter
as always private?
--
Cheers,
Dimitre Novatchev
--
Cheers,
Dimitre Novatchev
---------------------------------------
Truly great madness cannot be achieved without significant intelligence.
---------------------------------------
To invent, you need a good imagination and a pile of junk
-------------------------------------
Never fight an inanimate object
-------------------------------------
To avoid situations in which you might make mistakes may be the
biggest mistake of all
------------------------------------
Quality means doing it right when no one is looking.
-------------------------------------
You've achieved success in your field when you don't know whether what
you're doing is work or play
-------------------------------------
To achieve the impossible dream, try going to sleep.
-------------------------------------
Facts do not cease to exist because they are ignored.
-------------------------------------
Typing monkeys will write all Shakespeare's works in 200yrs.Will they
write all patents, too? :)
-------------------------------------
I finally figured out the only reason to be alive is to enjoy it.
--~----------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
EasyUnsubscribe: http://lists.mulberrytech.com/unsub/xsl-list/1167547
or by email: xsl-list-unsub(_at_)lists(_dot_)mulberrytech(_dot_)com
--~--