Abstract:This paper provides recommendations for writing XSLT programs that will behave in an expected manner. However, it is not a general tutorial on how to write an XSLT program. The paper also identifies some known XML-related risks or concerns that can be mitigated with XSLT programs. In addition to a set of recommendations, the paper contains a “how to” section that shows how to use XSLT to perform common risk reduction tasks. These recommendations and samples of XSLT source code apply only to XSLT version 1.0.