[xsl] xsl 1.1 security model?

Subject: [xsl] xsl 1.1 security model?
From: Francis Norton <francis@xxxxxxxxxxx>
Date: Wed, 21 Mar 2001 19:05:20 +0000

There's an interesting problem with xslt 1.1 client-side security.

Two of the main features are the document and script elements.

I think that the spec should say something about user-agents having the
ability to disable xsl:script (for anything except XSLT, of course).
 
And I think we should consider the implications of a non-script feature
which allows the transform to [a] write, say, a destructive shell file
to disk, and [b] update startup.cmd or whatever so that the file gets
called next time the machine reboots.
 
From a security point of view, I want to treat XML files as data not
code. I particularly don't want justifiably paranoid firewall admins all
over the net blocking *.xsl? files at the http, ftp and email firewalls.

Perhaps we could discuss which features should be enabled by default,
and whether they should be by default disabled for automatically invoked
stylesheets from external machines, or from any machine, or what? 

Francis.

 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
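
An added example, not part of the original post: a pre-flight check a user-agent or gateway could run before applying a stylesheet, refusing `xsl:script` and `xsl:document` unless the stylesheet comes from a trusted origin. The function names, the trust flag and the sample stylesheets are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

# The two XSLT 1.1 features named in the post, with the attribute that
# says most about what each one does (assumed reporting choice).
RISKY = {"script": "language", "document": "href"}

# Constructed sample: a stylesheet using both features.
SAMPLE_RISKY = """\
<xsl:stylesheet version="1.1"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:ext="urn:example:ext">
  <xsl:script implements-prefix="ext" language="javascript">
    function one() { return 1; }
  </xsl:script>
  <xsl:template match="/">
    <xsl:document href="startup.cmd">rem constructed sample</xsl:document>
  </xsl:template>
</xsl:stylesheet>
"""

# Constructed sample: a pure data-to-markup transform.
SAMPLE_PLAIN = """\
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><p><xsl:value-of select="."/></p></xsl:template>
</xsl:stylesheet>
"""

def audit_stylesheet(text):
    """Return (element, detail) pairs for each risky XSLT 1.1 element found."""
    findings = []
    for el in ET.fromstring(text).iter():
        if not el.tag.startswith("{"):
            continue  # element in no namespace, so not an XSLT instruction
        ns, local = el.tag[1:].split("}", 1)
        if ns == XSL_NS and local in RISKY:
            findings.append((f"xsl:{local}", el.get(RISKY[local], "")))
    return findings

def allowed(text, trusted_origin):
    """Default-deny policy: untrusted stylesheets may not use risky features."""
    return trusted_origin or not audit_stylesheet(text)

if __name__ == "__main__":
    for name, sheet in (("risky", SAMPLE_RISKY), ("plain", SAMPLE_PLAIN)):
        print(name, audit_stylesheet(sheet), allowed(sheet, trusted_origin=False))
```

A static scan like this only covers the stylesheet it is given; imported or included stylesheets would need the same check, and a processor-level switch remains the actual enforcement point.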

