Releases · HL7/CDA-core-xsl

This release adds

USCDI v1 rendering support. Its main purpose to collect feedback at C-CDA IAT, but feedback through issues here is welcome too. See documentation for more
support for reordering of sections through a new parameter section-order documented in the parameters
support for rendering of ClinicalDocument/sdtc:statusCode

In addition, this release adds French (fr-fr) as supported language, and closes #13 and #25

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been mitigated in the following way:

Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.

Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)

This release adds

USCDI v1 rendering support. Its main purpose to collect feedback at C-CDA IAT, but feedback through issues here is welcome too. See documentation for more
support for reordering of sections through a new parameter section-order documented in the parameters
support for rendering of ClinicalDocument/sdtc:statusCode

In addition, this release adds French (fr-fr) as supported language, and closes #13

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been mitigated in the following way:

Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.

Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)

This alpha release adds USCDI v1 rendering support. Its main purpose to collect feedback at C-CDA IAT, but feedback through issues here is welcome too. See documentation for more

In addition, this alpha release adds French (fr-fr) as supported language, and closes #13

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been mitigated in the following way:

Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.

Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)

This alpha release adds USCDI v1 rendering support. Its main purpose to collect feedback at C-CDA IAT, but feedback through issues here is welcome too. See documentation for more

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been mitigated in the following way:

Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.

Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been mitigated in the following way:

Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.

Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been mitigated in the following way:

Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.

Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

This has been addressed since version 4.0.2 beta 8, September 2020 and mitigated in the following way:

The sandbox attribute is added to any base64 iframe other than application/pdf
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 and 4.0.1 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 8 or up

This version updates the following:

Improved HTML conditionals for IE 9 and below versus up
Eliminated use of exslt:node-set thus restoring IE 11 and below compatibility. This required externalizing a lookup table for combinations of NarrativeBlock elements/attributes as part of the security mechanism. The file this table was externalized into is cda_narrativeblock.xml
Retested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari
- There is one issue left with IE 10 and 11: See issue#5

Security Notice

In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.

For version 4.0.2 beta 8 (this version), September 2020, this was reported and mitigated in the following way:

The sandbox attribute is added to any base64 iframe other than application/pdf
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.

Users of versions 4.0.0 and 4.0.1 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 8 (this version) or up

Improved performance of label retrieval by using xsl:key
Improved graceful fallback for label retrieval when default language is not en-us
Added various strings gathered through other uses of the same localization file

Note: beta3 exists in CDA.xsl release notes, but was never formally tagged here. Release notes for beta3:

Improved rendering of ClinicalDocument.confidentiality so the lock icon matches the font size

Migration of release from previous GForge environment

Circumvention for a warning from XSL 1.0 processors: "Non-text output nodes are ignored when writing an attribute, comment or PI."
Added support for (legal) authenticator sdtc:signatureText. This renders a small signature icon with mouse over text that reads that a signature is present, but that this signature has not been verified. If a thumbnail is present is will trail that title.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Releases: HL7/CDA-core-xsl

v4.1.0-beta.2

Uh oh!

v4.1.0-beta.1 - 2023-09-14

Uh oh!

4.1.0-alpha2 - 2023-05-10

Uh oh!

4.1.0-alpha1 - 2021-07-06

Uh oh!

4.0.2-beta11 - 2021-05-25

Uh oh!

4.0.2-beta10 - 2020-09-24

Uh oh!

4.0.2-beta9 - 2020-09-23

Uh oh!

4.0.2-beta8 - 2020-09-21

Uh oh!

4.0.2-beta4 - 2020-05-01

Uh oh!

4.0.2-beta2 - 2019-10-23

Uh oh!