XSLT Related Oddities?

Bug reports and enhancement requests
Post Reply
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

XSLT Related Oddities?

Post by therube »

XSLT Related Oddities?

OK, lets try this one on for size.

http://www.hirsch.sth.ac.at/~robert/the ... -index.xml

With XSLT set, compare the layout with the page blocked vs. allowed.

And what, NoScript is just doing its job correctly?
And I should get KaiRo to revise his page?

In this instance, I would want the page to display correctly, though I would not necessarily want to allow the domain.
Right now, they are mutually exclusive?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090327 SeaMonkey/2.0b1pre
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: XSLT Related Oddities?

Post by Giorgio Maone »

Yes, it's NoScript doing its job.
We had some discussion in the security group before 3.0.8 about XSLT to be considered active content, and there was general consensus about this being a good idea.
KaiRo is using XSLT to render a presentation of its XML page.
You either need to allow active content on his site or ask him to use XSLT server side (like most sites which can't rely on universal XSLT browser support do).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: XSLT Related Oddities?

Post by dhouwn »

Another example:
https://www.battle.net/login/login.xml

The question is whether 'normal' NoScript users will be irritated by this. :?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3) Gecko/20090314 Firefox/3.1b3
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: XSLT Related Oddities?

Post by therube »

Not sure what you're seeing there?
Everything looks good regardless of any setting changes that I make?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22pre) Gecko/20090327 SeaMonkey/1.1.16pre
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: XSLT Related Oddities?

Post by GµårÐïåñ »

I saw what is stated on both links provided and yeah they look odd alright.

The first one the log looks like a giant run on sentence which other than being slightly annoying is not a huge big deal but I can see the point, I think all things considered, I rather not have the formatting than to be open for exploit.

The second one is just simply silly that a site would do that. On a personal note, I find it to be bad coding frankly to make it so technology dependent and not make it more universally compatible but hey what do I know. :P
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: XSLT Related Oddities?

Post by dhouwn »

therube wrote:Not sure what you're seeing there?
Everything looks good regardless of any setting changes that I make?
The site does some sniffing which leads to the site being delivered as XHTML (XSL processing on the server side) for some browsers while in XML for others.
On my browser the XML version is deliviered (XSL processing on the client side).

That's the source code for the XML version:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/login/_layout/login-battlenet.xsl"?>

<page country="USA" name="Account Login" promo="loghead" requestUrl="/login/login.xml" xml:lang="en-US">
  <login>
    <tas:form xmlns:tas="http://www.blizzard.com/ns/login">
      <tas:ref/>
      <tas:app value=""/>
      <tas:accountName/>
      <tas:password/>
      <tas:authType/>

      <tas:authValue/>
      <tas:site value="0"/>
      <tas:amDomain value=""/>
      <tas:wamDomain value="www.worldofwarcraft.com"/>
    </tas:form>
  </login>
</page>
If battle.net is not allowed, a blank page is shown.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3) Gecko/20090314 Firefox/3.1b3
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: XSLT Related Oddities?

Post by therube »

Ah, OK.
I had to spoof my UA to show Firefox/2.0 rather then SeaMonkey 2.0b1. (Poor browser sniffing I'd assume ;-).)
Once I did that, I too got a blank page.

(Note my logged UA, below.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090327 Firefox/2.0 SeaMonkey/2.0b1pre
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: XSLT Related Oddities?

Post by GµårÐïåñ »

therube wrote:Ah, OK.
I had to spoof my UA to show Firefox/2.0 rather then SeaMonkey 2.0b1. (Poor browser sniffing I'd assume ;-).)
Once I did that, I too got a blank page.

(Note my logged UA, below.)
Yeah I played with the browser identification and with FF it blanks and a couple others too but not all. Its just poorly written sniff and coding in my opinion. :|
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Post Reply