• JdFalcon04 (unregistered)

    OK, I used to despise XSLT. Now I only hate it. That's some pretty neat stuff. Oh, and somebody has slightly too much time to figure this out :-D

  • RobertoDellaTerra (unregistered)

    Nice. Reminds me of the days we let our 286 PC run all night just to zoom in on some Mandelbrot detail. :)

  • Ilyak (unregistered)

    "Even if it's variables are write-once and cannot vary."

    It's pretty much a norm for a purely-functional language, which XSLT is.

    Article author's misunderstanding of this puts not XSLT into shame, but himself.

  • Fab (unregistered)

    Stupidly Awesome !

  • Welbog (cs)

    The irony here is that the source XML file contains the colour information.

  • Andy Gottit (unregistered)

    Or, if you are not in the habit of letting total strangers take full control of your browser, it looks like this:

    100 -120 120 3.9 -203 100 1.4 28 #500 ░#115 ░#228 ░#22B ░#33D ░#44F ▒#55C ▒#55D ▒#55E ▓#55F ▓#66F ▓#77F ▓#88F █#88F ▓#99F █#99F ▓#AAF █#AAF ▓#BBF █#BBF ▓#CCF █#CCF ▓#DDF █#DDF ▓#EEF █#EEF ▓#FFF █#FFF ░#000

    Charming, either way, I'm sure.

  • Voodoo Coder (cs)

    That's the most retarded looking fish I've ever seen.

  • Philevans (unregistered) in reply to Ilyak
    Ilyak:
    "Even if it's variables are write-once and cannot vary."

    It's pretty much a norm for a purely-functional language, which XSLT is.

    Article author's misunderstanding of this puts not XSLT into shame, but himself.

    Dear lord! Someone else who understands what XSL is!

    The number of times that I've tried to explain this to someone, only to be met by a blank stare and a questioning "fun-shu-null . . . ?"

  • Croc Dundee (unregistered) in reply to Andy Gottit

    Yeah, XML takes "full control" of your browser. How's that foil hat doing, protecting your brainwaves from them, I hope.

  • mbvlist (cs)

    It gives different colors in Firefox than in IE8. But it certainly is a stupid trick.

  • Flash (cs)

    I'll let others work out the issues of purely functional languages. But as for the English language...

    wrong: "Even if it is variables are write-once and cannot vary."

    right: "Even if its variables are write-once and cannot vary."

  • Matthew (unregistered) in reply to Welbog
    Welbog:
    The irony here is that the source XML file contains the colour information.

    Yep, just what I was thinking. Presentation info should go in the stylesheet.

  • Ilyak (unregistered)

    XSLT is a functional (monadic, I'd say) programming language that takes an XML of some structure and produces another XML.

    XSLT functions are called 'templates', and they are either called directly by name, or indirectly by using pattern-matching (feature available in a lot of more high-end functional languages).

    XSLT uses award-winning XPath as its expression language, which permits math, string operations (rudimentary, I have to admit) and DOM querying in a very easy and powerful way.

    Thus each template operates on one element of input XML, directly, and all of the input DOM tree, via XPath queries.

    Each template can output any number of XML subtrees and also call other templates, making the language Turing compatible. There are variables, for-loops, condition statements. Any questions?

  • IByte (unregistered) in reply to Andy Gottit
    Andy Gottit:
    Or, if you are not in the habit of letting total strangers take full control of your browser, it looks like this:

    100 -120 120 3.9 -203 100 1.4 28 #500 ░#115 ░#228 ░#22B ░#33D ░#44F ▒#55C ▒#55D ▒#55E ▓#55F ▓#66F ▓#77F ▓#88F █#88F ▓#99F █#99F ▓#AAF █#AAF ▓#BBF █#BBF ▓#CCF █#CCF ▓#DDF █#DDF ▓#EEF █#EEF ▓#FFF █#FFF ░#000

    Charming, either way, I'm sure.

    Indeed, I did notice that NoScript lessens its aesthetic appeal...

  • Anonymous (unregistered)

    Funny how, of all the stupid things people could draw with functional programming languages, they all end up drawing the Mandelbrot set. Am I the only one who long ago stopped being impressed by a computer's ability to plot f(z)-->z^2+c?

  • Andy Gottit (unregistered) in reply to Croc Dundee
    Croc Dundee:
    Yeah, XML takes "full control" of your browser. How's that foil hat doing, protecting your brainwaves from *them*, I hope.
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page with scripting enabled. At the time, at least 95% of web sites were vulnerable. It was considered "too hard to fix" and as of today, about 60% of web sites are still unfixed (with ignorant luzers producing more every day). So, of course, I surf with scripting turned off, as I would expect anyone else who knows what's going on would do.

    XML or not, with scripting turned off, that's how it looks. What, you think I made that up?

  • Anonymous (unregistered)

    I'm using XSLT right now to translate a source document into... <sigh>... fucking WordML. Kill me now.

  • Anonymous (unregistered) in reply to Andy Gottit
    Andy Gottit:
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page
    Sorry my friend but if you don't have a proof of concept you're just talking shit.
  • Hans (unregistered) in reply to Ilyak
    Ilyak:
    XSLT functions are called 'templates', and they are either called directly by name, or indirectly by using pattern-matching (feature available in a lot of more high-end functional languages).

    Any questions?

    Yes, two:

    1. Why are the default rules contradictory? I.e. why doesn't an empty XSLT program either copy the entire source or throw it all out, rather than copying elements and throwing out attributes?

    2. Would it have been possible to come up with a more painful syntax than this, or is this in fact the worst imaginable?

  • Andy Gottit (unregistered) in reply to Anonymous
    Anonymous:
    Andy Gottit:
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page
    Sorry my friend but if you don't have a proof of concept you're just talking shit.
    So what's your theory? Someone went to all the work of making the NoScript browser plugin, which is downloaded by over 600,000 people per week, just so we could all talk shit?
  • Ilyak (unregistered)

    On the first question, duh, don't use an empty stylesheet, there's not much reason for it anyway.

    On the second question, what part of XSLT's syntax do you dislike? xsl:value-of is too verbose, I have to admit (and I think they're treating it in XSLT2); other than that, any other real problems? Do you prefer languages that look like XML, but actually aren't, thus getting all cons with no pros, btw?

    P.S. Well, I don't understand how people who dislike XSLT for its 'ugliness' can ever touch something so ugly as PHP or C++.

  • SCB (unregistered) in reply to Anonymous
    Anonymous:
    Andy Gottit:
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page
    Sorry my friend but if you don't have a proof of concept you're just talking shit.

    How about:

    <html> <body> <script> document.write("send me some money") </script> </body> </html>
  • Anonymous (unregistered) in reply to Andy Gottit
    Andy Gottit:
    So what's your theory? Someone went to all the work of making the NoScript browser plugin, which is downloaded by over 600,000 people per week, just so we could all talk shit?
    You clearly didn't read my original post. I said proof of concept or you're just talking shit. The existence of NoScript is hardly a proof of concept for your 133t hax0ring skillz, is it? So, are you going to put your money where your mouth is? Just a proof of concept, it's hardly difficult assuming you've done what you say you have.
  • Andy Gottit (unregistered) in reply to Anonymous
    Anonymous:
    Andy Gottit:
    So what's your theory? Someone went to all the work of making the NoScript browser plugin, which is downloaded by over 600,000 people per week, just so we could all talk shit?
    You clearly didn't read my original post. I said proof of concept or you're just talking shit. The existence of NoScript is hardly a proof of concept for your 133t hax0ring skillz, is it? So, are you going to put your money where your mouth is? Just a proof of concept, it's hardly difficult assuming you've done what you say you have.
    No, it isn't difficult at all. However, there exist people in law enforcement, judges, and juries who are not shall we say net savvy. Some of them have in the past expressed their opinion that it is a crime for me to teach you how to commit a crime.

    If you want to hire me to penetration test your web site, we can talk. Of course you'll have to prove it is really your site. And, you probably can't afford me.

  • Kazan (cs) in reply to Andy Gottit
    Andy Gottit:
    Croc Dundee:
    Yeah, XML takes "full control" of your browser. How's that foil hat doing, protecting your brainwaves from *them*, I hope.
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page with scripting enabled. At the time, at least 95% of web sites were vulnerable. It was considered "too hard to fix" and as of today, about 60% of web sites are still unfixed (with ignorant luzers producing more every day). So, of course, I surf with scripting turned off, as I would expect anyone else who knows what's going on would do.

    XML or not, with scripting turned off, that's how it looks. What, you think I made that up?

    since you're such a security genius who found a vulnerability that nobody else on the planet has ever found or written about, how about you do the responsible thing and tell us what it is.

  • Voodoo Coder (cs) in reply to Whoevar
    Whoevar:
    Voodoo Coder:
    That's the most retarded looking fish I've ever seen.

    Now have a look at this one:

    http://img66.imageshack.us/img66/2443/psychrolutesmicroporoszt2.jpg http://img473.imageshack.us/img473/307/psychrolutes1tz6rs9.jpg

    So...that's what nightmares are made of...now I know.

  • jonnyq (cs) in reply to Matthew

    LOLWUT?

    Just because something is XML doesn't mean it's not presentational. What's SVG?

  • Andy Gottit (unregistered) in reply to Kazan
    Kazan:
    Andy Gottit:
    Croc Dundee:
    Yeah, XML takes "full control" of your browser. How's that foil hat doing, protecting your brainwaves from *them*, I hope.
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page with scripting enabled. At the time, at least 95% of web sites were vulnerable. It was considered "too hard to fix" and as of today, about 60% of web sites are still unfixed (with ignorant luzers producing more every day). So, of course, I surf with scripting turned off, as I would expect anyone else who knows what's going on would do.

    XML or not, with scripting turned off, that's how it looks. What, you think I made that up?

    since you're such a security genius who found a vulnerability that nobody else on the planet has ever found or written about, how about you do the responsible thing and tell us what it is.

    I disclosed it responsibly at the time. It is very well known by most everyone in the business, except perhaps you.

  • dman (unregistered)

    That is freaking amazing. I remember running an Apple2e for 3 days to get the equivalent of that. And using XSLT - which (although I love it) is the most inefficient 'programming language' I've ever encountered.

    My current machine now renders the page without a blink. How far we've come.

    But the real astounding bit is that the XSL code itself is one of the shortest working XSL files I've seen. All real-world XSL I've touched is much much longer. o_O

  • jonnyq (cs) in reply to Hans
    Hans:
    Ilyak:
    XSLT functions are called 'templates', and they are either called directly by name, or indirectly by using pattern-matching (feature available in a lot of more high-end functional languages).

    Any questions?

    Yes, two:

    1. Why are the default rules contradictory? I.e. why doesn't an empty XSLT program either copy the entire source or throw it all out, rather than copying elements and throwing out attributes?

    2. Would it have been possible to come up with a more painful syntax than this, or is this in fact the worst imaginable?

    The default template for something is basically <xsl:apply-templates/>. So, you start at the root and go down the chain basically just applying templates to everything. At the bottom (a node with no children), you basically just get the value of that node (not a copy of the node).

    So, an XSLT with no rules in it, SHOULD just spit out all the text nodes of the document, not a copy of any XML.

    XSLT is wordy and hard to write. I've seen other attempts at XML-based templating languages and they're all equally ugly. I'd vote for using XSLT for templating or don't use XML for it at all.
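
The built-in rules discussed in this exchange, as an added example that is not part of any comment above: a Python simulation of the XSLT 1.0 built-in template rules (not an XSLT processor), run over constructed input. The names `builtin_rule`, `empty_stylesheet` and `select_attributes` are hypothetical, and the `select_attributes` variant is not real XSLT behaviour; it only shows what would appear if attributes were selected.

```python
from xml.dom import minidom
from xml.dom.minidom import Node

# Constructed sample input: one comment, two elements with attributes,
# and one processing instruction, with no whitespace-only text nodes.
SAMPLE = (
    '<palette name="demo"><!-- constructed -->'
    '<entry rgb="#115">dark</entry>'
    '<entry rgb="#FFF">light</entry>'
    '<?hint skip?></palette>'
)


def builtin_rule(node, select_attributes=False):
    """Return what the XSLT 1.0 built-in template rule emits for `node`."""
    kind = node.nodeType
    if kind in (Node.DOCUMENT_NODE, Node.ELEMENT_NODE):
        # Built-in rule for "*|/": <xsl:apply-templates/>.
        # The default selection is child::node(), and attributes are not
        # children, so they are never visited.
        selected = list(node.childNodes)
        if select_attributes and kind == Node.ELEMENT_NODE:
            # Hypothetical variant: behave as if the rule selected @*|node().
            attrs = node.attributes
            selected = [attrs.item(i) for i in range(attrs.length)] + selected
        return "".join(builtin_rule(n, select_attributes) for n in selected)
    if kind in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE, Node.ATTRIBUTE_NODE):
        # Built-in rule for "text()|@*": <xsl:value-of select="."/>.
        return node.nodeValue
    # Built-in rule for "processing-instruction()|comment()": emit nothing.
    return ""


def empty_stylesheet(xml_text, select_attributes=False):
    """Simulate transforming `xml_text` with a stylesheet that has no templates."""
    return builtin_rule(minidom.parseString(xml_text), select_attributes)


if __name__ == "__main__":
    print(repr(empty_stylesheet(SAMPLE)))
    print(repr(empty_stylesheet(SAMPLE, select_attributes=True)))
```

The attribute values are missing from the first result because nothing selects the attribute nodes, not because a rule discards them; the built-in rule for `@*` would emit their values if a template selected them.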

  • Alex (unregistered)

    This thing crashed IE8 D:

  • mrprogguy (cs) in reply to Andy Gottit

    It's been 14 years, genius. It's entirely possible it got lost in the shuffle. Couldn't hurt you to disclose it again, could it?

    Either put up or shut up, sez I.

  • Pete (unregistered) in reply to Kazan

    It's called "cross site scripting", and is a well-known problem.

    Stealing real money probably involves some sort of driving someone else's browser to use their bank, paypal, ebay, etc. pages.

  • jonnyq (cs) in reply to Andy Gottit
    Andy Gottit:
    Kazan:
    Andy Gottit:
    Croc Dundee:
    Yeah, XML takes "full control" of your browser. How's that foil hat doing, protecting your brainwaves from *them*, I hope.
    Back in 1998 or 1999, I don't remember which, I demonstrated how to steal real money from folks who would view my web page with scripting enabled. At the time, at least 95% of web sites were vulnerable. It was considered "too hard to fix" and as of today, about 60% of web sites are still unfixed (with ignorant luzers producing more every day). So, of course, I surf with scripting turned off, as I would expect anyone else who knows what's going on would do.

    XML or not, with scripting turned off, that's how it looks. What, you think I made that up?

    since you're such a security genius who found a vulnerability that nobody else on the planet has ever found or written about, how about you do the responsible thing and tell us what it is.

    I disclosed it responsibly at the time. It is very well known by most everyone in the business, except perhaps you.

    Look, buddy, if you wanted to be taken seriously you wouldn't have started with a comment about how XSLT is going to "take over your computer" and then followed it up by talking about javascript.

  • Anonymous (unregistered) in reply to Andy Gottit
    Andy Gottit:
    I disclosed it responsibly at the time. It is very well known by most everyone in the business, except perhaps you.

    Ah yes, the good old "Emperor's new clothes" style argument. If you can't clearly see the truth of my argument, then you must not be cool enough.

    If you don't know the secret handshake we use to represent the Vulnerability That Must Not Be Named, then we simply can't discuss it. I'm not really sure how you render a handshake to ASCII anyway. Maybe with XSLT?

  • Andy Gottit (unregistered) in reply to Anonymous
    Anonymous:
    Andy Gottit:
    I disclosed it responsibly at the time. It is very well known by most everyone in the business, except perhaps you.

    Ah yes, the good old "Emperor's new clothes" style argument. If you can't clearly see the truth of my argument, then you must not be cool enough.

    If you don't know the secret handshake we use to represent the Vulnerability That Must Not Be Named, then we simply can't discuss it. I'm not really sure how you render a handshake to ASCII anyway. Maybe with XSLT?

    I can empty your bank account, rape your mother, and kill your dog just by having you open a web site with javascript enabled. Nuff said.

  • junkpile (unregistered) in reply to Andy Gottit
    Andy Gottit:
    Anonymous:
    Andy Gottit:
    I disclosed it responsibly at the time. It is very well known by most everyone in the business, except perhaps you.

    Ah yes, the good old "Emperor's new clothes" style argument. If you can't clearly see the truth of my argument, then you must not be cool enough.

    If you don't know the secret handshake we use to represent the Vulnerability That Must Not Be Named, then we simply can't discuss it. I'm not really sure how you render a handshake to ASCII anyway. Maybe with XSLT?

    I can empty your bank account, rape your mother, and kill your dog just by having you open a web site with javascript enabled. Nuff said.

    Nuff said indeed. Now we're all concerned for our well being. Good job proving your point to everyone...

    Captcha: nulla I'm gonna nulla your bank account, mother, and dog!

  • Kazan (cs) in reply to Pete
    Pete:
    It's called "cross site scripting", and is a well-known problem.

    Stealing real money probably involves some sort of driving someone else's browser to use their bank, paypal, ebay, etc. pages.

    if he is indeed running his mouth about XSS then his "nuke all JS" solution is overkill in the extreme.

  • Kazan (cs) in reply to Andy Gottit
    Andy Gottit:
    I can empty your bank account, rape your mother, and kill your dog just by having you open a web site with javascript enabled. Nuff said.

    thank you for proving our point for us you ignoramous.

    $5 says that if he does indeed have a vulnerability it's ActiveX and only works on IE3 :P

    Addendum (2009-04-29 13:59): s/ignoramous/ignoramus

  • SmarterThanThat (unregistered) in reply to junkpile

    Wow.... This is the farthest I've seen a troll get in a long time on TDWTF.

  • Voodoo Coder (cs) in reply to Andy Gottit
    Andy Gottit:
    I can empty your bank account, rape your mother, and kill your dog just by having you open a web site with javascript enabled. Nuff said.

    OMG!!1!!one!! yer scaree!

    plz send me teh codez plz??!?

  • Code Dependent (cs) in reply to Andy Gottit

    I'm afraid you've all been had. Could be TopCod3r, although it's not really his style. However, the way I read the original post, he as good as winked at the reader knowingly with:

    Andy Gottit:
    What, you think I made that up?

  • You didn't see me right (unregistered) in reply to Andy Gottit
    Andy Gottit:
    I can empty your bank account, rape your mother, and kill your dog just by having you open a web site with javascript enabled. Nuff said.

    Finally!!! Something useful on the internet after all this time. plz snd m3 teh c0d3z 2.

  • tulcod (unregistered) in reply to Anonymous
    Anonymous:
    Funny how, of all the stupid things people could draw with functional programming languages, they all end up drawing the Mandelbrot set. Am I the only one who long ago stopped being impressed by a computer's ability to plot f(z)-->z^2+c?

    all XML chatter aside, it's actually the ability to analyze if the iteration on z with, in the first iteration, z=0 is bounded for some c (which is the starting position on the complex plane). It is not a trivial problem to analyze this efficiently.

  • fennec (cs)

    I rather like XSLT... I just don't like actually writing it. :|

  • bolt (unregistered)

    TRWTF is Andy Gottit

  • Andy Got tit (unregistered)

    OK I admit it, I thought Mandelbrot was a pie, and XSL was going to steal my pie, so I made up lies about XSL to discredit it. Swiftly moving on to talk about javascript just covered my tracks.

    I am sorry for my deception, but even more sorry that I never got my Mandelbrot pie.

Leave a comment on “Stupid Coding Tricks: XSLT Mandelbrot”
