Subject: Re: [xsl] XSLT 1.1 comments -Examples please From: David Carlisle <davidc@xxxxxxxxx> Date: Thu, 15 Feb 2001 13:14:47 GMT |
> 2. A nasty. xsl:script to run a command rm -r * why restrict to xsl:script ? It's already possible to execute arbitrary code in current processors. Have you any idea what <xsl:value-of select="x:xxx()" xmlns:x="http://www.oracle.com.XSL/Transform/java/java.util.diediedie"/> does? (I haven't) whether or not your extension functions can do damage depends on the environment in which you choose to run them. Java and most scripting langauges are set up to have the option of running in constrained (more) secure environments, as usually is the default if accessed from a browser. If you choose to run code picked up off this mailing list in an unrestricted environment then you need to know what you are doing. But that is basic precautions, it is nothing related to xsl:script, which does not change the functionality available to extensions, it only changes the way they are declared. David _____________________________________________________________________ This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. For further information visit http://www.star.net.uk/stats.asp XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] XSLT 1.1 comments -Exampl, Sebastian Rahtz | Thread | [xsl] lastIndexOf('char') and XSLT , Troadec Pascal |
RE: [xsl] XPath over DOM, Michael Kay | Date | Re: [xsl] CDATA back to its origina, Ruben Inoto |
Month |