Bug #3109
closed
XSLT functions are exposed to xsl:evaluate but shouldn't be exposed
0%
Description
Both the latest internal draft of the XSLT 3.0 spec in https://www.w3.org/XML/Group/qtspecs/specifications/xslt-30/html/#dynamic-xpath as well as the official https://www.w3.org/TR/xslt-30/#element-evaluate say about the function signatures in the context of dynamic XPath evaluation using xsl:evaluate: "Note that this set deliberately excludes XSLT-defined functions in the standard function namespace".
However when I run tests with Saxon 9.7 EE I find that xsl:evaluate exposes XSLT only functions like document@, @copy-of or key to @xsl:evaluate@.
Here is a test case that checks whether function-lookup returns a function for certain XSLT functions:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="3.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fn="http://www.w3.org/2005/xpath-functions"
xmlns:math="http://www.w3.org/2005/xpath-functions/math"
xmlns:array="http://www.w3.org/2005/xpath-functions/array"
xmlns:map="http://www.w3.org/2005/xpath-functions/map"
expand-text="true"
exclude-result-prefixes="array fn map math xs">
<xsl:param name="function-list" as="xs:string*" select="'document', 'key', 'current', 'copy-of', 'snapshot'"/>
<xsl:param name="arities" as="xs:integer*" select="1, 2, 0, 1, 1"/>
<xsl:output method="xml" indent="yes"/>
<xsl:template name="main" match="/">
<results>
<xsl:for-each select="$function-list">
<xsl:variable name="pos" select="position()"/>
<xsl:variable name="xpath" as="xs:string">
exists(function-lookup(xs:QName('fn:{.}'), {$arities[$pos]}))
</xsl:variable>
<result function="{.}">
<xsl:evaluate xpath="$xpath"></xsl:evaluate>
</result>
</xsl:for-each>
</results>
</xsl:template>
</xsl:stylesheet>
When run with Saxon 9.7 EE (Saxon-EE 9.7.0.14J) from the command line with -it:main it outputs
<?xml version="1.0" encoding="UTF-8"?>
<results>
<result function="document">true</result>
<result function="key">true</result>
<result function="current">true</result>
<result function="copy-of">true</result>
<result function="snapshot">true</result>
</results>
Exselt outputs
<?xml version="1.0" encoding="UTF-8"?>
<results>
<result function="document">false</result>
<result function="key">false</result>
<result function="current">false</result>
<result function="copy-of">false</result>
<result function="snapshot">false</result>
</results>
Another test case I wrote is
<xsl:stylesheet version="3.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fn="http://www.w3.org/2005/xpath-functions"
xmlns:math="http://www.w3.org/2005/xpath-functions/math"
xmlns:array="http://www.w3.org/2005/xpath-functions/array"
xmlns:map="http://www.w3.org/2005/xpath-functions/map"
exclude-result-prefixes="array fn map math xs">
<xsl:output method="xml"/>
<xsl:template name="main" match="/">
<xsl:sequence
select="
let $f := function-lookup(xs:QName('fn:document'), 1)
return
if (exists($f)) then
$f('')
else
'not found'"/>
<xsl:variable name="path" as="xs:string">
let $f := function-lookup(xs:QName('fn:document'), 1)
return
if (exists($f)) then
$f('')
else
'not found'</xsl:variable>
<xsl:evaluate xpath="$path"/>
</xsl:template>
</xsl:stylesheet>
which tests whether document is not only exposed but also callable, indeed Saxon calls it and returns the stylesheet while Exselt return the not found for the @xsl:evaluate@.
Please register to edit this issue
.