[Webkit-unassigned] [Bug 55357] XSLT extension functions
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 3 01:24:27 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=55357
--- Comment #5 from Martin Blom <martin at blom.org> 2011-03-03 01:24:27 PST ---
(In reply to comment #4)
> > Think of all the good things that has come from the EXSLT project, for instance.
>
> Note that we don't enable EXSLT. That is tracked by bug 4079, but it's not clear if enabling it would do WebKit any good either.
XSLT is a rather nice templating language in theory. However, in practice it is often pretty much useless for anything but very trivial transformations, if the processor cannot be extended with custom functions.
A great benefit of allowing the XSLTProcessor caller to extend the built-in set of XPath functions is that the browser may concern itself less with what extended APIs to provide. The user can just plug it in when setting up the transformation.
> > the only thing that we are aware of is when the callback initializes another transformation.
>
> I've been thinking about changes to DOM tree specifically, but there are likely many attack vectors.
Can you please clarify that? XSLTProcessor.transfromTo*() are synchronous calls, so they should really not be any different from say the NS resolver callback in Document.evaluate().
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list