Page 1 of 1
XSLT Related Oddities?
Posted: Sat Mar 28, 2009 3:20 pm
by therube
XSLT Related Oddities?
OK, lets try this one on for size.
http://www.hirsch.sth.ac.at/~robert/the ... -index.xml
With XSLT set, compare the layout with the page blocked vs. allowed.
And what, NoScript is just doing its job correctly?
And I should get KaiRo to revise his page?
In this instance, I would want the page to display correctly, though I would not necessarily want to allow the domain.
Right now, they are mutually exclusive?
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 3:10 pm
by Giorgio Maone
Yes, it's NoScript doing its job.
We had some discussion in the security group before 3.0.8 about XSLT to be considered active content, and there was general consensus about this being a good idea.
KaiRo is using XSLT to render a presentation of its XML page.
You either need to allow active content on his site or ask him to use XSLT server side (like most sites which can't rely on universal XSLT browser support do).
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 4:25 pm
by dhouwn
Another example:
https://www.battle.net/login/login.xml
The question is whether 'normal' NoScript users will be irritated by this.
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 4:39 pm
by therube
Not sure what you're seeing there?
Everything looks good regardless of any setting changes that I make?
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 8:21 pm
by GµårÐïåñ
I saw what is stated on both links provided and yeah they look odd alright.
The first one the log looks like a giant run on sentence which other than being slightly annoying is not a huge big deal but I can see the point, I think all things considered, I rather not have the formatting than to be open for exploit.
The second one is just simply silly that a site would do that. On a personal note, I find it to be bad coding frankly to make it so technology dependent and not make it more universally compatible but hey what do I know.
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 11:06 pm
by dhouwn
therube wrote:Not sure what you're seeing there?
Everything looks good regardless of any setting changes that I make?
The site does some sniffing which leads to the site being delivered as XHTML (XSL processing on the server side) for some browsers while in XML for others.
On my browser the XML version is deliviered (XSL processing on the client side).
That's the source code for the XML version:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/login/_layout/login-battlenet.xsl"?>
<page country="USA" name="Account Login" promo="loghead" requestUrl="/login/login.xml" xml:lang="en-US">
<login>
<tas:form xmlns:tas="http://www.blizzard.com/ns/login">
<tas:ref/>
<tas:app value=""/>
<tas:accountName/>
<tas:password/>
<tas:authType/>
<tas:authValue/>
<tas:site value="0"/>
<tas:amDomain value=""/>
<tas:wamDomain value="www.worldofwarcraft.com"/>
</tas:form>
</login>
</page>
If battle.net is not allowed, a blank page is shown.
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 11:48 pm
by therube
Ah, OK.
I had to spoof my UA to show Firefox/2.0 rather then SeaMonkey 2.0b1. (Poor browser sniffing I'd assume
.)
Once I did that, I too got a blank page.
(Note my logged UA, below.)
Re: XSLT Related Oddities?
Posted: Mon Mar 30, 2009 11:57 pm
by GµårÐïåñ
therube wrote:Ah, OK.
I had to spoof my UA to show Firefox/2.0 rather then SeaMonkey 2.0b1. (Poor browser sniffing I'd assume
.)
Once I did that, I too got a blank page.
(Note my logged UA, below.)
Yeah I played with the browser identification and with FF it blanks and a couple others too but not all. Its just poorly written sniff and coding in my opinion.
