By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,294 Members | 2,681 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,294 IT Pros & Developers. It's quick & easy.

xml transform over https

P: n/a
My team is using the FO library to generate PDFs.

We are also required to use https.

The XSL transform page fed into javax.xml.transform.Transformer starts
with

<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo ="http://www.w3.org/1999/XSL/Format">

---

Now, when displaying the PDF, Internet Explorer is popping an alert
saying "This page contains both secure and nonsecure items. Do you
want to display the nonsecure items?"

And no particular preferences in IE take this away. ENABLE MIXED
CONTENT and WARN IF CHANGING ... are both set correctly, yet we still
get the popup. I can only think that this xsl file is causing us
trouble.

Now, before looking at this problem - I believed that namespace uri
strings were simply that, unique identifiers. Not necessarily valid
internet URLs. Since transorms work without a connection to the
internet, it seems to make sense. Yet, as soon as I put
https:///www.w3.org/1999/XSL/Transform into this header, I get the
infamous "javax.xml.transform.TransformerException: stylesheet
requires attribute: version".

Can someone explain to me why the URI needs to be exactly
http://www.w3.org/1999/XSL/Transform and is there any way around this?
I'd like to get everything within the https environment, to use https
- as I'd like to get rid of that popup.

Thanks,

-LutherB
Jul 20 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Luther Baker wrote:
...
Can someone explain to me why the URI needs to be exactly
http://www.w3.org/1999/XSL/Transform and is there any way around this?
...


Because, as you said, it's just a string. But it's also an *identifier*
-- if it doesn't match character by character, the XSLT engine will not
recognize the language.

I'd say this is a browser bug -- namespace URIs should be irrelevant for
security considerations (unless of course something really accesses them).

Julian
Jul 20 '05 #2

P: n/a
Luther Baker wrote:
My team is using the FO library to generate PDFs.

We are also required to use https.

The XSL transform page fed into javax.xml.transform.Transformer starts
with

<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo ="http://www.w3.org/1999/XSL/Format">

---

Now, when displaying the PDF, Internet Explorer is popping an alert
saying "This page contains both secure and nonsecure items. Do you
want to display the nonsecure items?"

...


Speaking of which -- if the transformation happens server-side, why
would the exact syntax of the XSLT ever affect the generated PDF data
stream? I guess there's something else wrong with the content you're
sending.
Jul 20 '05 #3

P: n/a


Luther Baker wrote:
My team is using the FO library to generate PDFs.

We are also required to use https.

The XSL transform page fed into javax.xml.transform.Transformer starts
with

<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo ="http://www.w3.org/1999/XSL/Format">

---

Now, when displaying the PDF, Internet Explorer is popping an alert
saying "This page contains both secure and nonsecure items. Do you
want to display the nonsecure items?"

And no particular preferences in IE take this away. ENABLE MIXED
CONTENT and WARN IF CHANGING ... are both set correctly, yet we still
get the popup. I can only think that this xsl file is causing us
trouble.

Now, before looking at this problem - I believed that namespace uri
strings were simply that, unique identifiers. Not necessarily valid
internet URLs. Since transorms work without a connection to the
internet, it seems to make sense. Yet, as soon as I put
https:///www.w3.org/1999/XSL/Transform into this header, I get the
infamous "javax.xml.transform.TransformerException: stylesheet
requires attribute: version".

Can someone explain to me why the URI needs to be exactly
http://www.w3.org/1999/XSL/Transform and is there any way around this?
I'd like to get everything within the https environment, to use https
- as I'd like to get rid of that popup.


I am pretty sure the warning IE gives has nothing to do with the
namespace URIs. Your XSLT transformation is done on the server isn't it?
So IE doesn't even see the XSL stylesheet.
I don't know what kind of page you generate but maybe you have an
<iframe> in there pointing to a non https URL. That is when IE usually
gives the warning.
If you post a URL maybe we can find out what causes the warning but I
don't think the whole problem is related to XML thus asking in an IE
group might be a better way.

--

Martin Honnen
http://JavaScript.FAQTs.com/

Jul 20 '05 #4

P: n/a
Martin Honnen <ma*******@yahoo.de> wrote in message news:<3f********@olaf.komtel.net>...
Luther Baker wrote:
My team is using the FO library to generate PDFs.

We are also required to use https.

The XSL transform page fed into javax.xml.transform.Transformer starts
with

<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo ="http://www.w3.org/1999/XSL/Format">

---

Now, when displaying the PDF, Internet Explorer is popping an alert
saying "This page contains both secure and nonsecure items. Do you
want to display the nonsecure items?"

And no particular preferences in IE take this away. ENABLE MIXED
CONTENT and WARN IF CHANGING ... are both set correctly, yet we still
get the popup. I can only think that this xsl file is causing us
trouble.

Now, before looking at this problem - I believed that namespace uri
strings were simply that, unique identifiers. Not necessarily valid
internet URLs. Since transorms work without a connection to the
internet, it seems to make sense. Yet, as soon as I put
https:///www.w3.org/1999/XSL/Transform into this header, I get the
infamous "javax.xml.transform.TransformerException: stylesheet
requires attribute: version".

Can someone explain to me why the URI needs to be exactly
http://www.w3.org/1999/XSL/Transform and is there any way around this?
I'd like to get everything within the https environment, to use https
- as I'd like to get rid of that popup.


I am pretty sure the warning IE gives has nothing to do with the
namespace URIs. Your XSLT transformation is done on the server isn't it?
So IE doesn't even see the XSL stylesheet.
I don't know what kind of page you generate but maybe you have an
<iframe> in there pointing to a non https URL. That is when IE usually
gives the warning.
If you post a URL maybe we can find out what causes the warning but I
don't think the whole problem is related to XML thus asking in an IE
group might be a better way.


There is no iframe, we just post to a servlet, feed the XSL info the
FO engine, and then return the PDF contents to the browser. The
browser prompts the user, and on saying OK, the PDF is downloaded and
ADOBE opens.

I agree with you, its probably got nothing to do with the XSLT, but
I'm not sure why IE feels the content is mixed.

I will try and IE newsgroup.

Thanks,

-LutherB
Jul 20 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.