travismallen
Programmer
Hello all,
I've been trying to teach myself XML & XSLT and I've hit a spot that is beyond my knowledge.
I'm trying to convert some XML output to MS Excel. I found the following XSLT, but don't understand how it works:
<xsl:stylesheet version="1.0"
xmlns="urn:schemas-microsoft-com
ffice:spreadsheet"
xmlns:xsl=" xmlns:msxsl="urn:schemas-microsoft-com:xslt"
xmlns:user="urn:my-scripts"
xmlns="urn:schemas-microsoft-comfficeffice"
xmlns:x="urn:schemas-microsoft-comffice:excel"
xmlns:ss="urn:schemas-microsoft-comffice:spreadsheet" >
<xsl:template match="/">
<Workbook xmlns="urn:schemas-microsoft-comffice:spreadsheet"
xmlns="urn:schemas-microsoft-comfficeffice"
xmlns:x="urn:schemas-microsoft-comffice:excel"
xmlns:ss="urn:schemas-microsoft-comffice:spreadsheet"
xmlns:html=" <xsl:apply-templates/>
</Workbook>
</xsl:template>
<xsl:template match="/*">
<Worksheet>
<xsl:attribute name="ss:Name">
<xsl:value-of select="local-name(/*/*)"/>
</xsl:attribute>
<Table x:FullColumns="1" x:FullRows="1">
<Row>
<xsl:for-each select="*[position() = 1]/*">
<Cell>
<Data ss:Type="String">
<xsl:value-of select="local-name()"/>
</Data>
</Cell>
</xsl:for-each>
</Row>
<xsl:apply-templates/>
Can someone help me under stand what does what? Below is the XML. My goal is to create a table that has the parent and children field names as columns and repeats the parent information when the parent has more than one child.
Thanks, Travis
<?xml version="1.0"?>
<Records>
<Record>
<Field id="6236" name="Tracking ID" value="242167"/>
<Field id="6241" name="ISS Assigned Ref Number" value=""/>
<Field id="6242" name="Business Assigned Reference Number" value="ABC-2006-123"/>
<Field id="6243" name="Business Number Renewed" value="ABC-2005-123"/>
<Field id="6244" name="Type of RA" value="Renewal - Regular"/>
<Field id="6245" name="Sector" value="Tech"/>
<Field id="6246" name="Country" value="United States"/>
<Field id="6247" name="Date Requested" value="6/28/2006"/>
<Field id="6249" name="Business Unit/Area" value="Global Engineering"/>
<Field id="6250" name="Other Business Unit" value=""/>
<Field id="6251" name="Requested By" value="Allen, Travis "/>
<Field id="6252" name="Requestor's Position/Title" value="RAS Product Development - AVP"/>
<Field id="6253" name="Requestor's Email" value="travis@trav-tech.com"/>
<Field id="6254" name="Requestor's Tel." value="908-563-3265"/>
<Field id="6255" name="Product Name" value=""/>
<Field id="6259" name="Other Product" value=""/>
<Field id="6551" name="CSI App ID" value=""/>
<Field id="6260" name="Description" value="
The App provides users a secure remote connection to Trav-Tech resources. All Remote Desktop components are active and accepting connections; It is configured to run active across sites. Users connect to the Remote Desktop directly from the Internet using their local browser. Once authenticated, employees and consultants have access to Outlook Web Access, internal applications via terminal services, and access to browse intranet sites.
This RA only includes the Neoteris devices, Hoblink components and the web servers which the HobLink software resides on globally. Terminal Server is not part of this RA.
Neoteris is a Secure Socket Layer (SSL) Virtual Private Network (VPN) appliance that allows metered access
to back-end servers and resources through a single open port from the Internet. All traffic, no matter what 
the destination, is limited to SSL (Secure Socket Layer) communications via port 443, no other ports are 
required to be open to the Internet. Once connected users can access applications such as terminal services, 
Outlook Web Access, and browse intranet sites.
HobLink provides a web-based java solution that provides a configuration for access to Trav-TechTerminal 
Servers. HobLink Java Client for Windows Terminal Servers (JWT) is installed on an internal Web Server 
and runs as a browser-based program. A HobLink JWT configuration is completed for every business-aligned
terminal server farm.
When users connect to this site a pre-configured applet is downloaded to the client."/>
<Field id="6261" name="Primary Function" value="The App provides a secure method of remote access to Trav-Tech's network and applications for employees and consultants from the Internet. This platform provides a secure browser based method of remote access to Trav-Tech's internal corporate resources from the Internet for employees and consultants."/>
<Field id="6270" name="Technical Environment" value="Users connect via the Internet to a Virtual Internet Protocol (IP) address that redirects them to a Neoteris device using their local browser. Users are fully authenticated using Safeword or SecureID tokens. The Neoteris device is located in a Trav-Tech managed DeMilitarized Zone (DMZ). There are firewall rules in place on both the Internet and Trav-Tech sides of the DMZ to control access by users as well as administrative access to the Neoteris devices.
The web servers run Internet Information Services (IIS) version 5.0. The HobLink software and the ASP (Active Server Pages) code that makes up the main portal page at login are installed on this web server"/>
<Field id="6271" name="First Customer Type" value="Internal"/>
<Field id="6272" name="First Number" value="501 - 5,000"/>
<Field id="6273" name="Second Customer Type" value="External"/>
<Field id="6274" name="Second Number" value="26 - 100"/>
<Field id="6275" name="External Party Access" value="Yes"/>
<Field id="6276" name="Via Internet" value="Yes"/>
<Field id="6277" name="Daily" value="501 - 5,000"/>
<Field id="6278" name="Weekly" value="101 - 500"/>
<Field id="6279" name="Monthly" value="> 5,000"/>
<Field id="6280" name="Development Cost" value="$50,001 - $100,000"/>
<Field id="6281" name="Annual Support Cost" value="$5,001 - $50,000"/>
<Field id="6282" name="Value of assest controlled" value="> $1,000,000"/>
<Field id="6283" name="Outage Impact" value="Trav-Tech businesses who use Remote Desktop for COB or to allow employee access from outside Trav-Tech facilities would have to use alternate remote access in the event Remote Desktop is not available. No one would be able to connect to internal network using a browser impacting all employees and consultants working remotely."/>
<Field id="6284" name="Information Classification" value="Internal"/>
<Field id="6285" name="Inherent Risk" value="High"/>
<Field id="6286" name="Risk Acceptance Rationale" value="OTHER, please describe"/>
<Field id="6287" name="Risk Acceptance Rationale Detail" value="A system upgrade on the platform will eliminate all the ethical hacking findings also covered under CAP ENG0345 that impacts multiple regions."/>
<Field id="6288" name="Residual Risk" value="High"/>
<Field id="6852" name="Impact Other Business Units" value="N/A"/>
<Field id="6289" name="Risk Acceptance Expiration" value="6/29/2007"/>
<Field id="6292" name="Identifiable Cross-Business Risks" value="Trav-Tech businesses who use Remote Desktop for COB or to allow employee access from outside Trav-Tech facilities would have to use alternate remote access in the event Remote Desktop is not available."/>
<Field id="6293" name="Potential Impact to Other System" value="None. There is no impact to other systems"/>
<Field id="6296" name="Additional Compensating Controls" value="None"/>
<Field id="6294" name="Additional Information" value="None"/>
<Field id="6426" name="RA Issues">
<Record>
<Field id="6308" name="CISS Issue Description" value="8.3A - There exists sensitive information disclosure that allows a malicious user to view user's full name and portal permissions.
8.3B - Web server logs would attribute user activity to the wrong user based on the ID of the hardware authentication token.
8.3C- Cross site scripting: the only time input parameters other than authentication are needed is during the one time auto registration process, but user could supply arbitrary code within input parameters that could be executed. 
8.3D - Cross frame scripting: This refers to a possible exploit of sites using input of confidential information. User could potentially capture keyboard activity typed 
inside a malicious frame. This system in nature is a Intranet reverse proxy server and 
there is no transfer of keystokes input of confidential information. 
8.3E - Server-side include files: In the event that these files
contain sensitive information, such as application logic
or application credentials, this information would be
viewable anonymously.
8.3F - Forcefully Browsing: An unthenticated user can forcefully browse to files within the web application.
8.3G - Cross Site tracing: this is a form of cross site scripting and the same 
explanation as above applies.
8.3H - Incomplete directory listing: A complete directory listing is necessary in order to
perform a comprehensive test.
8.3I - Comments found in HTML and Java source code: Any additional unnecessary information that is provided to users is considered a risk."/>
<Field id="6309" name="Compensating Controls" value="8.3A - Users can only view their full name and username once they have successfully 
authenticated to Safeword or SecurID servers
8.3B - Only sites classified as internal (no authentication required) can be browsed without the 
need for second tier (Single Sign On or SOE login ID) authentication
8.3C-I - No compensating controls exists."/>
<Field id="6310" name="Action Plans" value="8.3 A-I -Neoteris SSL/VPN and backend webservers will be having a code upgrade that will address all ethical hacking issues. The two upgrades will be done at the same time for the fix to work. CAP 0345-GENG owned by Marcelo Medina in External Services Engineering has a target date of 3/30/2007 and will address all high risk finding that were a result of Ethical Hacks performed by the Vulnerability Assessment team."/>
<Field id="6307" name="CISS Issue-Values List" value="8.3 High-risk findings identified in the Vulnerability Assessment will be resolved before the product, service or application can go live or updates introduced into the production environment. The application or systems manager will maintain a record"/>
<Field id="6932" name="Risk Description" value="all kinds of risk"/>
</Record>
<Record>
<Field id="6308" name="CISS Issue Description" value="6.4.1 - System Admins can perform Information Security Administration functions including adding and deleting administrative accounts. This could lead to unauthorized changes by system administrators and coupled with violation 5.2.1, could go undetected."/>
<Field id="6309" name="Compensating Controls" value="6.4.1 - All changes performed by the system administrator are logged including the adding and deleting of administrative accounts. Once a change is detected the change reconciliation process is invoked by the Web Hosting compliance group. "/>
<Field id="6310" name="Action Plans" value="6.4.1 - Juniper Networks will add the Security Administrator component to their 5.3 software release scheduled for the end of June 2006. This new release will comply with the Trav-Tech Information Security Standards for segregation of duties. Audit CAP GENG0319BI has been opened to address this issue as well as other issues identified by ARR. 
This CAP is owned by Carl Frick of External Services Engineering and has a target date of 5/1/2"/>
<Field id="6307" name="CISS Issue-Values List" value="6.4.1 Commensurate with the Risk Level of the Information System, systems administration and security administration functions must be segregated to provide separation of duties for the same system."/>
<Field id="6932" name="Risk Description" value="just a couple"/>
</Record>
</Field>
</Record>
</Records>
___________________________
"I am what I am" - Popeye
Travis M. Allen
I've been trying to teach myself XML & XSLT and I've hit a spot that is beyond my knowledge.
I'm trying to convert some XML output to MS Excel. I found the following XSLT, but don't understand how it works:
<xsl:stylesheet version="1.0"
xmlns="urn:schemas-microsoft-com
ffice:spreadsheet"xmlns:xsl=" xmlns:msxsl="urn:schemas-microsoft-com:xslt"
xmlns:user="urn:my-scripts"
xmlns
="urn:schemas-microsoft-comfficeffice"xmlns:x="urn:schemas-microsoft-com
ffice:excel"xmlns:ss="urn:schemas-microsoft-com
ffice:spreadsheet" ><xsl:template match="/">
<Workbook xmlns="urn:schemas-microsoft-com
ffice:spreadsheet"xmlns
="urn:schemas-microsoft-comfficeffice"xmlns:x="urn:schemas-microsoft-com
ffice:excel"xmlns:ss="urn:schemas-microsoft-com
ffice:spreadsheet"xmlns:html=" <xsl:apply-templates/>
</Workbook>
</xsl:template>
<xsl:template match="/*">
<Worksheet>
<xsl:attribute name="ss:Name">
<xsl:value-of select="local-name(/*/*)"/>
</xsl:attribute>
<Table x:FullColumns="1" x:FullRows="1">
<Row>
<xsl:for-each select="*[position() = 1]/*">
<Cell>
<Data ss:Type="String">
<xsl:value-of select="local-name()"/>
</Data>
</Cell>
</xsl:for-each>
</Row>
<xsl:apply-templates/>
Can someone help me under stand what does what? Below is the XML. My goal is to create a table that has the parent and children field names as columns and repeats the parent information when the parent has more than one child.
Thanks, Travis
<?xml version="1.0"?>
<Records>
<Record>
<Field id="6236" name="Tracking ID" value="242167"/>
<Field id="6241" name="ISS Assigned Ref Number" value=""/>
<Field id="6242" name="Business Assigned Reference Number" value="ABC-2006-123"/>
<Field id="6243" name="Business Number Renewed" value="ABC-2005-123"/>
<Field id="6244" name="Type of RA" value="Renewal - Regular"/>
<Field id="6245" name="Sector" value="Tech"/>
<Field id="6246" name="Country" value="United States"/>
<Field id="6247" name="Date Requested" value="6/28/2006"/>
<Field id="6249" name="Business Unit/Area" value="Global Engineering"/>
<Field id="6250" name="Other Business Unit" value=""/>
<Field id="6251" name="Requested By" value="Allen, Travis "/>
<Field id="6252" name="Requestor's Position/Title" value="RAS Product Development - AVP"/>
<Field id="6253" name="Requestor's Email" value="travis@trav-tech.com"/>
<Field id="6254" name="Requestor's Tel." value="908-563-3265"/>
<Field id="6255" name="Product Name" value=""/>
<Field id="6259" name="Other Product" value=""/>
<Field id="6551" name="CSI App ID" value=""/>
<Field id="6260" name="Description" value="
The App provides users a secure remote connection to Trav-Tech resources. All Remote Desktop components are active and accepting connections; It is configured to run active across sites. Users connect to the Remote Desktop directly from the Internet using their local browser. Once authenticated, employees and consultants have access to Outlook Web Access, internal applications via terminal services, and access to browse intranet sites.
This RA only includes the Neoteris devices, Hoblink components and the web servers which the HobLink software resides on globally. Terminal Server is not part of this RA.
Neoteris is a Secure Socket Layer (SSL) Virtual Private Network (VPN) appliance that allows metered access
to back-end servers and resources through a single open port from the Internet. All traffic, no matter what 
the destination, is limited to SSL (Secure Socket Layer) communications via port 443, no other ports are 
required to be open to the Internet. Once connected users can access applications such as terminal services, 
Outlook Web Access, and browse intranet sites.
HobLink provides a web-based java solution that provides a configuration for access to Trav-TechTerminal 
Servers. HobLink Java Client for Windows Terminal Servers (JWT) is installed on an internal Web Server 
and runs as a browser-based program. A HobLink JWT configuration is completed for every business-aligned
terminal server farm.
When users connect to this site a pre-configured applet is downloaded to the client."/>
<Field id="6261" name="Primary Function" value="The App provides a secure method of remote access to Trav-Tech's network and applications for employees and consultants from the Internet. This platform provides a secure browser based method of remote access to Trav-Tech's internal corporate resources from the Internet for employees and consultants."/>
<Field id="6270" name="Technical Environment" value="Users connect via the Internet to a Virtual Internet Protocol (IP) address that redirects them to a Neoteris device using their local browser. Users are fully authenticated using Safeword or SecureID tokens. The Neoteris device is located in a Trav-Tech managed DeMilitarized Zone (DMZ). There are firewall rules in place on both the Internet and Trav-Tech sides of the DMZ to control access by users as well as administrative access to the Neoteris devices.
The web servers run Internet Information Services (IIS) version 5.0. The HobLink software and the ASP (Active Server Pages) code that makes up the main portal page at login are installed on this web server"/>
<Field id="6271" name="First Customer Type" value="Internal"/>
<Field id="6272" name="First Number" value="501 - 5,000"/>
<Field id="6273" name="Second Customer Type" value="External"/>
<Field id="6274" name="Second Number" value="26 - 100"/>
<Field id="6275" name="External Party Access" value="Yes"/>
<Field id="6276" name="Via Internet" value="Yes"/>
<Field id="6277" name="Daily" value="501 - 5,000"/>
<Field id="6278" name="Weekly" value="101 - 500"/>
<Field id="6279" name="Monthly" value="> 5,000"/>
<Field id="6280" name="Development Cost" value="$50,001 - $100,000"/>
<Field id="6281" name="Annual Support Cost" value="$5,001 - $50,000"/>
<Field id="6282" name="Value of assest controlled" value="> $1,000,000"/>
<Field id="6283" name="Outage Impact" value="Trav-Tech businesses who use Remote Desktop for COB or to allow employee access from outside Trav-Tech facilities would have to use alternate remote access in the event Remote Desktop is not available. No one would be able to connect to internal network using a browser impacting all employees and consultants working remotely."/>
<Field id="6284" name="Information Classification" value="Internal"/>
<Field id="6285" name="Inherent Risk" value="High"/>
<Field id="6286" name="Risk Acceptance Rationale" value="OTHER, please describe"/>
<Field id="6287" name="Risk Acceptance Rationale Detail" value="A system upgrade on the platform will eliminate all the ethical hacking findings also covered under CAP ENG0345 that impacts multiple regions."/>
<Field id="6288" name="Residual Risk" value="High"/>
<Field id="6852" name="Impact Other Business Units" value="N/A"/>
<Field id="6289" name="Risk Acceptance Expiration" value="6/29/2007"/>
<Field id="6292" name="Identifiable Cross-Business Risks" value="Trav-Tech businesses who use Remote Desktop for COB or to allow employee access from outside Trav-Tech facilities would have to use alternate remote access in the event Remote Desktop is not available."/>
<Field id="6293" name="Potential Impact to Other System" value="None. There is no impact to other systems"/>
<Field id="6296" name="Additional Compensating Controls" value="None"/>
<Field id="6294" name="Additional Information" value="None"/>
<Field id="6426" name="RA Issues">
<Record>
<Field id="6308" name="CISS Issue Description" value="8.3A - There exists sensitive information disclosure that allows a malicious user to view user's full name and portal permissions.
8.3B - Web server logs would attribute user activity to the wrong user based on the ID of the hardware authentication token.
8.3C- Cross site scripting: the only time input parameters other than authentication are needed is during the one time auto registration process, but user could supply arbitrary code within input parameters that could be executed. 
8.3D - Cross frame scripting: This refers to a possible exploit of sites using input of confidential information. User could potentially capture keyboard activity typed 
inside a malicious frame. This system in nature is a Intranet reverse proxy server and 
there is no transfer of keystokes input of confidential information. 
8.3E - Server-side include files: In the event that these files
contain sensitive information, such as application logic
or application credentials, this information would be
viewable anonymously.
8.3F - Forcefully Browsing: An unthenticated user can forcefully browse to files within the web application.
8.3G - Cross Site tracing: this is a form of cross site scripting and the same 
explanation as above applies.
8.3H - Incomplete directory listing: A complete directory listing is necessary in order to
perform a comprehensive test.
8.3I - Comments found in HTML and Java source code: Any additional unnecessary information that is provided to users is considered a risk."/>
<Field id="6309" name="Compensating Controls" value="8.3A - Users can only view their full name and username once they have successfully 
authenticated to Safeword or SecurID servers
8.3B - Only sites classified as internal (no authentication required) can be browsed without the 
need for second tier (Single Sign On or SOE login ID) authentication
8.3C-I - No compensating controls exists."/>
<Field id="6310" name="Action Plans" value="8.3 A-I -Neoteris SSL/VPN and backend webservers will be having a code upgrade that will address all ethical hacking issues. The two upgrades will be done at the same time for the fix to work. CAP 0345-GENG owned by Marcelo Medina in External Services Engineering has a target date of 3/30/2007 and will address all high risk finding that were a result of Ethical Hacks performed by the Vulnerability Assessment team."/>
<Field id="6307" name="CISS Issue-Values List" value="8.3 High-risk findings identified in the Vulnerability Assessment will be resolved before the product, service or application can go live or updates introduced into the production environment. The application or systems manager will maintain a record"/>
<Field id="6932" name="Risk Description" value="all kinds of risk"/>
</Record>
<Record>
<Field id="6308" name="CISS Issue Description" value="6.4.1 - System Admins can perform Information Security Administration functions including adding and deleting administrative accounts. This could lead to unauthorized changes by system administrators and coupled with violation 5.2.1, could go undetected."/>
<Field id="6309" name="Compensating Controls" value="6.4.1 - All changes performed by the system administrator are logged including the adding and deleting of administrative accounts. Once a change is detected the change reconciliation process is invoked by the Web Hosting compliance group. "/>
<Field id="6310" name="Action Plans" value="6.4.1 - Juniper Networks will add the Security Administrator component to their 5.3 software release scheduled for the end of June 2006. This new release will comply with the Trav-Tech Information Security Standards for segregation of duties. Audit CAP GENG0319BI has been opened to address this issue as well as other issues identified by ARR. 
This CAP is owned by Carl Frick of External Services Engineering and has a target date of 5/1/2"/>
<Field id="6307" name="CISS Issue-Values List" value="6.4.1 Commensurate with the Risk Level of the Information System, systems administration and security administration functions must be segregated to provide separation of duties for the same system."/>
<Field id="6932" name="Risk Description" value="just a couple"/>
</Record>
</Field>
</Record>
</Records>
___________________________
"I am what I am" - Popeye
Travis M. Allen