Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

PortalWebHosting
  Ads  
Biz Modules provides professional business modules and solutions for DotNetNuke
 


  Sponsors  

Meet Our Sponsors

WebSecureStores -- ASP.NET & DotNetNuke Hosting Solutions
FCKeditor Project
Salaro -- Skins and more
OnyakTech
The best choice for your web site host, email hosting, and domain registration.
CrystalTech Web Hosting™
 


DotNetNuke Forums
 
  Forum  DotNetNuke® Pro...  XML Module [Lea...  XML v04.03.03 Breaking change -Execution of scripts was prohibited...
Previous Previous
 
Next Next
New Post 4/14/2007 9:07 PM
User is offline iwonder
485 posts
wizzodawg.blogspot.com/
8th Ranked


Re: Execution of scripts was prohibited... 

Stefan,

Had not read anything about the issue you pointed out.  The argument against using scripting inside xsl stylesheets seems sound enough.  I'm wondering how we go about using XSLT extension objects, though.  Is this usage similar to the 'static' parameters we are passing from the dropdown list of choices present in the module?  If so, then, it would we would need some way to add to those items in a custom manner.  A sort of code hook that allows Host SuperUsers to provide a custom list of extensions that can be utilized.  For example, many of my tasks involve selecting items for display of xml data by pubDate, and ExpireDate, or a custom element.  I don't need in-line scripting exactly, but do need a way to pass the 'filter' parameters to the xsl.  The current list of 'static' params doesn't provide me the flexibility of customization, or at least not in that manner that I can see.  Though, you know about that part more than me.  I'm just getting familiar with the module since you improved it.

Performance issues would be a concern with in-line scripting moreso than the security issues, so I understand the reluctance to provide it as standard.  I've no problem with that decision, just didn't know about the issue, so good call, and I certainly agree with it.

Just need some way to be able to pass a custom value parameter, that may have to be computed at runtime to be used in the xsl. Any ideas on that type of usage?  If that type of usage is available, now, could you provide an example?  Further, can XSLT extension objects be used currently?  What about an example for us?

Thanks for tending to the issue and giving some very good info about the problems.  I have not encountered the issue on my intranet, but the test site is not yet heavily used, so it's nice to know about it before we went live with that approach.  Thanks again.
 
New Post 5/24/2007 7:30 PM
User is offline Joe Brinkman
1330 posts
www.dotnetnukecorp.com
6th Ranked






Re: Execution of scripts was prohibited... 

In the past year I have worked a lot with AspDotNetStorefront which relies very heavily on the use of XSLT and XSLT extensions.  When I first started working with it I found that the extensions provided with the product were insufficient.  I added the ability to define additional extension assemblies in the web.config file.  It is fairly easy to implement this pattern and it allows you to define as many extension assemblies as you need.  In this case I would recommend not making this a web.config setting but instead using custom module settings.  To make it work, you essentially need to gather 2 pieces of data for the extension:  The extension class and the namespace to associate with the extension.  Here is an example of one web.config entry for the DotNetNuke Marketplace:

<add name="DotNetNuke Extensions" type="DotNetNukeExtensions.DnnExtensions, DotNetNukeExtensions" namespace="urn:dnn" />

Again, keep in mind that the web.config storage is not important, just that we have an assembly qualified type name and an associated namespace.  Now that we have a typename and namespace we can use

obj = Activator.CreateInstance(objType);
m_TransformArgumentList.AddExtensionObject(ext.Attributes["namespace"], obj);

to add the extension object (note: obviously there is more code associated with these two lines and it is a grossly simplified example).

The reason I prefer extension objects over scripts is that the compiled classes allow you full access to the entire DotNetNuke framework.  It also means that I can use other extension classes like those defined in the EXSLT.net project. 

In my XSLT files it is a simple matter to define my stylesheet to reference the namespace:

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:aspdnsf="urn:aspdnsf" xmlns:dnn="urn:dnn" exclude-result-prefixes="aspdnsf">

Then in my stylesheet I am free to call my custom extension methods at will:

< xsl:variable name="Images" select="dnn:GetImageUrls($ProductID, 'medium')" />

If I return an XpathNodeIterator from my extension method then I can further process the method results using XSLT.   Typically I use this technique when I want to get some XML that I can further manipulate with my XSLT. 

I have found that extensions allow you to do things with XSLT that would just be too difficult to do with pure XSLT, or to access data in a format that can be easily used in the XSLT.

Joe Brinkman
DotNetNuke Corp.

The Accidental Geek - Joe Brinkman
 
New Post 5/24/2007 9:41 PM
User is offline Stefan Cullmann
1551 posts
5th Ranked








Re: Execution of scripts was prohibited... 

Joe, thank you. This is definitely the way to go. I am going to enhance XML module this way, and if you look at its road map the integration of the EXSLT was already added that way. I am currently investigating some ways to integrate custom extensions, think of plugins like the visualizers in reports.

Extensions have one downside as they require fulltrust to work.

Stefan Cullmann - stefan.cullmann [at] dotnetnuke.com
form and List will be the successor of the User Defined Table module.
----------------------------------------------------------------------
Do you want to import external data to form and List /User Defined Table?
Check out http://www.codeplex.com/Csv2UDTImport
 
 Page 2 of 2Previous12 
Previous Previous
 
Next Next
  Forum  DotNetNuke® Pro...  XML Module [Lea...  XML v04.03.03 Breaking change -Execution of scripts was prohibited...
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


Faculty of Graduate and Postdoctoral Studies
At the graduate level, the University of Ottawa offers more than 180 graduate certificates, master's degrees and PhDs, as well as interdisciplinary programs such as Women's Studies and Canadian Studies. Many postdoctoral opportunities are available in both the sciences and the humanities. For further information, please consult the site of the Faculty of Graduate and Postdoctoral Studies.
www.grad.uottawa.ca 		Vekkin Solutions
Vekkin Solutions provides complete website solutions and custom module development to churches and small businesses.
www.vekkin.com 		Powered by Adcuent®.Com
Adcuent® Consulting & Technology offers custom development web applications and hosting projects under the brand of Powered by Adcuent®.Com
www.adcuent.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP