I agree that this is confusing, and perhaps the error message itself
could at least clarify that it is a security issue, and that if the
input is trusted then it is simple to turn the option back on.

There is a bit more information in the
/usr/share/doc/libsaxonb-java/README.Debian file, clarifying that the
default is different in the Debian (and thus Ubuntu) packaging of saxonb
than in the original upstream distribution.  It says:

Calls on external Java functions disabled by default
----------------------------------------------------

By default, SaxonB enables calls on external Java functions to be
embedded in stylesheets or queries. Such calls can invoke arbitrary
Java methods and are thus a security risk when executing untrusted
XSLT stylesheets or XQuery queries.  For this reason, SaxonB in Debian
comes with calls on external Java functions disabled by default.

If you are using the command line interface to the XSLT 2.0 or XQuery
processors of Saxon, you can enable this feature by passing the
"-ext:on" flag to your command line invocation.

If you are using SaxonB from its Java API you should set the Attribute
"FeatureKeys.ALLOW_EXTERNAL_FUNCTIONS" to "true". See the API
reference in the libsaxonb-java-doc package for more information.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/412517

Title:
  extension functions disabled in Saxon B XSLT 2.0 processor

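
The Java API setting the README describes, as an added example (not code from the README, the Debian package or the Saxon project). It assumes the Saxon-B 9.1 jar is on the classpath and that the attribute is passed as a Boolean; the class name ExtFunctionPolicy and the stylesheet are constructed for illustration. Setting the attribute explicitly on each factory keeps the behaviour the same whether the Debian default or the upstream default is in effect.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import net.sf.saxon.FeatureKeys;
import net.sf.saxon.TransformerFactoryImpl;

public class ExtFunctionPolicy {
    // Constructed stylesheet: binds a prefix to a Java class ("java:" namespace)
    // and calls a harmless static method, java.lang.Math.sqrt(double).
    static final String XSL =
        "<xsl:stylesheet version='2.0'"
      + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
      + " xmlns:math='java:java.lang.Math'>"
      + "<xsl:template match='/'>"
      + "<out><xsl:value-of select='math:sqrt(16e0)'/></out>"
      + "</xsl:template></xsl:stylesheet>";

    // allowExternal=false for stylesheets from untrusted sources,
    // true only when the stylesheet itself is trusted.
    static String transform(boolean allowExternal) {
        TransformerFactory tf = new TransformerFactoryImpl();
        // Assumption: the attribute value is given as a Boolean object.
        tf.setAttribute(FeatureKeys.ALLOW_EXTERNAL_FUNCTIONS,
                        Boolean.valueOf(allowExternal));
        try {
            Transformer t = tf.newTransformer(
                new StreamSource(new StringReader(XSL)));
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader("<doc/>")),
                        new StreamResult(out));
            return out.toString();
        } catch (TransformerException e) {
            // With external functions off, the java: call is not resolved
            // and the stylesheet is rejected instead of invoking Java code.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("untrusted (off): " + transform(false));
        System.out.println("trusted (on):    " + transform(true));
    }
}
```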