On Thu, 2003-01-30 at 15:53, Stefano Mazzocchi wrote:
> > I would want to implement a pipeline as follows:
> >
> > <map:match pattern="*/x.html">
> > <map:generate src="x.xml"/>
> > <map:transform src="files/{1}/x.xsl/>
> > <map:serialize type="html"/>
> > </map:match>
> >
> > Where the files directory would contain a user's directory which user's could
>upload there own versions of the stylesheets, ie. skins
> > I would want to define a specific transformer that would not affect the
>transformations in the rest of the application but would limit the user to using
>basic xsl transformations or to limit the user to his xsl file and that alone. I
>wouldn't want the user to have access to any external resources like Java classes or
>other documents.
> > Having just written that sentance, I realise that a user would be able to insert
>an endless recursive template which would kill the application. Could this be
>resolved by monitoring the stylesheet from another thread, killing it if it takes too
>long and then removing that user's stylesheets? I would then probably use an input
>mondule chain to resolve to a default set of stylesheets.
> > Does anyone have any ideas on how to implement this safely or is it just a bad
>idea?
>
> I think this is asking for troubles.
I agree.
>
> Moreover, I don't picture users really writing their own stylesheets
> directly anyway, but I don't know what kind of users you are targetting.
The user's will be developers. Those able to write stylesheets will have
to submit them for review and testing first.
I was just exporing an idea, be it a bad one.
Thank you for the input.
--
Andrew Timberlake <[EMAIL PROTECTED]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
