First, top-level <xsl:param> elements are intended to be the mechanism for passing in parameters from outside the styleseet. In an environment like AxKit, those parameters are arguably (at least) the CGI params assocaiated with the current request.
Second, using namespace-prefixed params would require us to examine the stylesheet documents for the URI associated with the prefixes in all cases since passing in a param named 'foo:bar' results in a fatal error if 'foo' is not bound to a URI in the stylesheet document. Whereas, using the current implementation, if you do not have a top-level <xsl:param> whose name attribute matches the name of a given CGI param, nothing at all happens, it is silently ignored.
Third, params passed in via <xsl:param> arguably do not share many of the same risks as raw CGI params in a Perl script (for example). Given XSLT's lack of real side effects, even if the stylesheet author is over-trusting on the params that they ask for, the most a scriptkiddie is likely to achieve is blowing up the transformation for their own request.
Finally, stylesheet authors should not confuse top-level <xsl:param> definitions with top-level <xsl:variable> definitions. Top level <xsl:param>s are there *expressly* to accept data from the outside World. If you are really worried about "collision" for a given top-level definition, then you should be using an <xsl:variable> instead-- which will work the same in the rest or your stylesheet, but won't be set by any params passed in, even if the names are the same[1]. I understand the point about "only give me what i ask for" but, by using an <xsl:param> you are *already* explicity asking for the data to be passed in.
My suggestion: leave things as they are. Making param data easily avalable to XSLT by default is a nice feature, is easy to explain to new users, and can be used sanely as-is.
[1] Much confusion, hand-waving and bad feelings have been caused (mostly on IRC, and mostly from me acting like a snide dickhead) based on the fact that libxslt has a bug that makes top-level variables wrongly act like top-level params. I've submitted a bug report to the Gnome folks and publically apologize for doubting anyone's veracity.
At least now we know why/how some of us have "verfied" different behavior at different times for this case... Sablotron is not similarly afflicted and does the Right thing for top-level variables.
-kip
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
