RESOLVED FIXED 4359
Failure of XPath/document() within XSLT
https://bugs.webkit.org/show_bug.cgi?id=4359
Michael Sinz
Reported 2005-08-09 12:47:59 PDT
Loading a relative path document (the recommended mechanism) within an XSLT transform fails in Safari in 10.3.9 and 10.4 systems. This can be easily seen in the http://svn.sinz.com/browser-tests/test3/index.xml page, which uses the document() mechanism to load some shared template/configuration data from the server rather than having it within each of the XSLT documents.

This failure may be related to the same problem in bug #4054 where the XMLHttpRequest object is blocked from sending a request back to the originating server if the page was an XML/XSLT based page. The exact same code works fine if the page was XSLT transformed on the server and thus only HTML got served to the client (and JavaScript).

If this is related to bug #4054 (which I believe it is), I would classify this as a major bug as it causes all manner of downstream problems and may have actual web security model implications which may even be usable in an exploit (I have not had time to try to build such an exploit if it is even possible - the concept is that with XML/XSLT and JavaScript within the generated HTML page, it may be that the security context would show up as local, thus allowing access to items that otherwise should not be possible).
Alexey Proskuryakov
Comment 1 2005-10-26 13:04:19 PDT
Reporter, please verify this and related bugs against ToT. Some of them seem to be fixed - maybe by a fix in bug 5219, but I'm far from being sure. If it's possible to make simplified standalone versions of the test pages, I think it would still be useful to have them as regression tests.
Michael Sinz
Comment 2 2005-10-26 19:47:31 PDT
If you think the fix for bug 5219 has fixed this, maybe it fixed bug 4054?