All the Perl that's Practical to Extract and Report

This is sooo lame....

ziggy on 2002-05-29T16:04:11

There's a new exploit against Excel, using XSLT stylesheets. This is stupefyingly bad engineering on so many levels:

  • XSLT is a domain-specific programming language that is side-effect free.

    (Translation: the only thing it does is read XML and transform it; you can't assign values to previously declared variables, but apparently Microsoft has embraced and extended the language to the point where it can reformat your hard drive).

  • This isn't XSLT code, but Microsoft's most favoritest clone, the penultimate working draft of XSLT (superceeded in 1999, with the release of XSLT 1.0). This version allows the <xsl:script> tag that makes it possible to include any random *Script code in your stylesheet; this is generally considered to be a bad idea, which is why Microsoft is the only vendor still supporting this feature (in the name of supporting their users who had legacy stylesheets 3 years ago...)
Yet another example of Microsoft's «If we wanted to hear your opinion, we would have given it to you» attitude costing you more time and money each time you upgrade...

Scripting in XSLT

Matts on 2002-05-31T07:12:20

Most vendors are offering this, not just Microsoft. Xalan (or is it Xerces?) for example allows Javascript in XSLT.

Re:Scripting in XSLT

ziggy on 2002-05-31T13:11:18

Hm. The three engines I've used most heavily (xp, saxon, xsltproc) don't support this as far as I know. I remember that it was part of the plan to offer a scripting language (most likely JavaScript/ECMAScript) as part of XSLT, but of all the things that are missing from XSLT 1.0, I can honestly say I don't miss that particular feature at all.