Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Client-side XSLT, Validation and Data Security



Wendell Piez


Client-side XSLT (CSX) is often used in scenarios where data (in XML) from a remote server is provided to a user who processes it in some way, for example rendering it locally for display. That is, the server provides the data and the client does the work on that data to make it useful. However, that is not the only scenario in which CSX is useful. In an environment in which the user already has, or is in the process of creating, XML, CSX can be a convenient and powerful tool, enabling users to perform operations on their data, securely, on their own systems. The potential for this use of CSX is illustrated with uses of SaxonJS for several security-related applications.
Proceedings Title
Balisage Series on Markup Technologies
Conference Dates
August 2-6, 2021
Conference Location
Washington, DC, US
Conference Title
Balisage: The Markup Conference 2021


XML, XSLT, validation, OSCAL, Open Security Controls Assessment Language


Piez, W. (2021), Client-side XSLT, Validation and Data Security, Balisage Series on Markup Technologies, Washington, DC, US, [online],, (Accessed April 18, 2024)
Created November 22, 2021, Updated December 22, 2022