Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

XSL not working in Google Chrome

Tags:

I've seen plenty of posts all around about this... but I can not, for the life of me, figure out what my problem is! Google Chrome just displays a blank page when I try to transform XML with XSL. When I view source, I see the raw XML. IE works.

I have an XML document that looks like this...

<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="http://localhost/xsl/listXSL.php"?>
<links>
  <link id="1" name="Google Home Page" url="http://www.google.com/" clicks="0" />
  <link id="2" name="Facebook" url="http://www.facebook.com/" clicks="1" />
  <link id="3" name="Gmail" url="http://gmail.com" clicks="2" />
</links>

... and then the linked XSL file which looks like this...

<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
  <xsl:for-each select="links/link">
    <a>
        <xsl:attribute name="href">
            <xsl:value-of select="@url" />
        </xsl:attribute>
        <xsl:value-of select="@name" />
    </a><br />
  </xsl:for-each>
</xsl:template>
</xsl:stylesheet>

You might notice that the XSL file is actually a PHP file, but this works fine in other browsers and I've tried changing it to .xsl for Chrome, but it doesn't help. What I'm doing wrong here?

like image 756
Nate Avatar asked Dec 29 '10 21:12

Nate


People also ask

Why XSL is not working in Chrome?

The reason this doesn't work is due to a security concern that Chrome has addressed in a controversial way, by blocking XML files from accessing local XSLT files in the same directory, while HTML files can access . CSS files in the same directory just fine.

How do I read an XSL file?

xsl file included in the XML+XSL Standard Edition template contains CSS information similar to the document. css file included in the XML+CSS template. However, it also contains XSL transformations (XSLT). XSL uses XSLT to transform information from one markup language to another, or in this case, from XML to HTML.


2 Answers

The reason this doesn't work is due to a security concern that Chrome has addressed in a controversial way[1][2][3][4], by blocking XML files from accessing local XSLT files in the same directory, while HTML files can access .CSS files in the same directory just fine.

The justification given by the Chrome team in 2008 was this:


Imagine this scenario:

  1. You receive an email message from an attacker containing a web page as an attachment, which you download.

  2. You open the now-local web page in your browser.

  3. The local web page creates an whose source is https://mail.google.com/mail/.

  4. Because you are logged in to Gmail, the frame loads the messages in your inbox.

  5. The local web page reads the contents of the frame by using JavaScript to access frames[0].document.documentElement.innerHTML. (An Internet web page would not be able to perform this step because it would come from a non-Gmail origin; the same-origin policy would cause the read to fail.)

  6. The local web page places the contents of your inbox into a and submits the data via a form POST to the attacker's web server. Now the attacker has your inbox, which may be useful for spamming or identify theft.

There is nothing Gmail can do to defend itself from this attack.


I do agree it's annoying, as a fix you've got 2 solutions:

  1. Try running chrome with the --allow-file-access-from-files switch (I've not tested this myself)

  2. Upload it to a host, and everything will be fine.

like image 190
Pacerier Avatar answered Sep 20 '22 14:09

Pacerier


Uploading to host soves problem for me. --allow-file-access-from-files switch solution did not work for me.

like image 27
jaymjarri Avatar answered Sep 18 '22 14:09

jaymjarri