Difference between server-side and client-side XSL processing
One of the things I'm messing with at present is offloading some of my XSL
processing to those browsers which claim to be able to handle it. That is
to say, if the client tells me it accepts either 'text/xml'
or 'application/xml' I'll send it the XML with an appropriate
xml-stylesheet PI; otherwise I'll run the transform server side and ship
However, I'm getting differences in the resulting HTML depending on whether
the XML is transformed client side or server side. Most of those
differences seem to be concerned with things that do the equivalent of
<xsl:apply-templates select="document( someurl)"/>
where the URLs are all world-addressable URLs, some of them on the same
server the XML was despatched from, some not. An example is this page
[this is a system in development, bits of it break and it has rough edges -
I know this]
When fetched with Firefox, which advertises its ability to transform XML,
the book details which should be fetched from Amazon into the floating DIV
on the right of the page do not get fetched; when fetched by a browser
(such as IE7 or Konqi) which does not advertise the ability to transform
XML, I do the transform server side using Xalan2, and the book details do
What I want to know is
(i) Is there something in the specifications which says that clients should
not fetch XML from third-party sites?
(ii) Is there some obvious - and foolish - bug in my code?
(iii) Is there a bug in Firefox?
I'd really like to offload the transform where I can, because it would save
a lot of load on my servers.
email@example.com (Simon Brooke) http://www.jasmine.org.uk/~simon/
;; better than your average performing pineapple
Re: Difference between server-side and client-side XSL processing
Simon Brooke wrote:
> (i) Is there something in the specifications which says that clients should
> not fetch XML from third-party sites?
Browsers apply the same origin policy so with XSLT a document loaded
from http://example.com/ can load further resources from
http://example.com/ but not from other origins.
With IE/Win you can change that configuration for the different security
zones but I don't think Mozilla allows you to configure that.
There have however been some attempts to specify ways to enable a server
to allow access to resources, the latest is
<http://www.w3.org/TR/access-control/> but I don't think there is any
implementation of that.
|All times are GMT. The time now is 06:34 AM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.