The functionality is B2 in your response. It is assumed that the data is coming from everywhere, but the xslt stylesheet will only come from trusted sites. So the client needs to accept access across domains only for his trusted site(s) in which case there will be no security issue.
I don't mind if the xsl parameter will not be part of the standard but as I expect that it will be used in several case, it would be convenient if those implementations that do use this feature, use it in the same way with the same parameter name.
Theo
>>> [log in to unmask] 09-01-03 15:43 >>>
> I want to add another proposal for that proposal list. In SRU there is
> need to specify the URL to a xsl stylesheet in the request parameters.
With what proposed functionality?
There are two options:
A) The server does the XSL processing.
B) The client does the XSL processing.
A) The response is no longer SRU. What you're doing is layering an XSL
engine over top of SRU - the client never sees the SRU XML, just the
transformed XML/HTML. That's not part of SRU IMO.
B) If the client is doing the processing, then why does it need to send
the stylesheet, just to have it sent back? If it's to put it in the
xml-stylesheet header, then either:
B1) The server needs to copy the style sheet to a local location and
change the URL appropriately
B2) The client needs to accept cross-site scripting, which is a gaping
security issue as XSLT is capable of doing a lot of clever things that
could be potentially abused. Mozilla will reject any attempt at
such cross-site scripting. IE makes you sign your own death sentence in a
popup.
None of these options seem particularly worthwhile -as part of SRU-, IMO.
Useful in general, but not as part of the standard as there are so many
things that people might want to do, and ways in which they might want to
do them.
Rob
--
,'/:. Rob Sanderson ([log in to unmask])
,'-/::::. http://www.o-r-g.org/~azaroth/
,'--/::(@)::. Special Collections and Archives, extension 3142
,'---/::::::::::. Twin Cathedrals: telnet: liverpool.o-r-g.org 7777
____/:::::::::::::. WWW: http://liverpool.o-r-g.org:8000/
I L L U M I N A T I
|