Subject: RE: [xsl] The evaluate function From: "Matt G." <matt_g_@xxxxxxxxxxx> Date: Fri, 04 Jan 2002 01:43:20 |
Apart from all the issues mentioned by Mr.Kay, an eval() function makes it rather easy to open security holes in a style sheet.
For example, once you figured out you can put a XPath into
the nice "Enter your query here" field which is passed
directly to an eval() function, what will stop you from
entering document("file:///C/Documents and >Settings/Administrator/preferences.xml")?
Or, if extension functions may be called indiscriminately: mswin:delete("C:\*.*","recursive")
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: [xsl] The evaluate function, Brinkman, Theodore | Thread | RE: [xsl] The evaluate function, Joerg Pietschmann |
Re: [xsl] Re: Re: Assignment no, dy, Terje Norderhaug | Date | [xsl] Re: Re: Re: Assignment no, dy, Dimitre Novatchev |
Month |