Re: [xsl] XSL and infinite loops

Subject: Re: [xsl] XSL and infinite loops
From: J-P S <jps@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Aug 2004 19:52:17 +0100 (BST)

On Thu, 26 Aug 2004, David Carlisle wrote:

) so if you are trying to avoid DOS attacks you could try to restrict the
) select attribute so it only uses Xpaths that select descendent children

Is there a danger list for such attacks? Presumably things like the
attributes on xsl:output etc. are right out; and anything in the
additional namespace of something like saxon: would be considered suspect.

Would it be possible to construct a SafeXSL stylesheet, that transforms
any dangerous XSL out? My first instinct is yes, because XSL is
functional, but that's only an instinct.

Cheers,
J-P
-- 
Just one small point for those Warwick supporters who've weighed in with the
argument that "We use microchips to find lost pets, so why not missing
children?". Chips in animals aren't tracking devices, they're used - because
pets can't talk - to establish who their owners are once the animals have been
found. Or for identifying their bodies.
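
The items raised in the message above (xsl:output attributes, extension namespaces such as saxon:, and the quoted suggestion to restrict select to descendant paths) can be checked before an untrusted stylesheet is run. The following is an added example, not part of the original message or of any XSLT processor; the function name, the finding texts and the sample stylesheet are constructed, and the checks are only those three items, not a complete danger list.

```python
import re
import xml.etree.ElementTree as ET

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
# Relative paths made only of child/descendant steps (deliberately conservative).
STEP = r"(?:(?:child|descendant)::)?(?:[\w*-]+|node\(\)|text\(\))"
SAFE_SELECT = re.compile(rf"{STEP}(?://?{STEP})*")
# In XSLT 1.0 every prefixed function call is an extension function.
PREFIXED_CALL = re.compile(r"[\w.-]+:[\w.-]+\s*\(")

# Constructed sample stylesheet, not taken from the thread.
SAMPLE = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:saxon="http://icl.com/saxon"
    extension-element-prefixes="saxon">
  <xsl:output method="text" encoding="UTF-8"/>
  <xsl:template match="item">
    <li><xsl:value-of select="saxon:evaluate(@expr)"/></li>
    <xsl:apply-templates select="ancestor::list"/>
    <xsl:apply-templates select="child::item//name"/>
    <xsl:apply-templates/>
  </xsl:template>
</xsl:stylesheet>"""

def audit_stylesheet(xslt_text, allowed_result_ns=("",)):
    """Return (element, finding) pairs in document order; empty = nothing flagged."""
    findings = []
    # Assumption: input size and entity expansion are limited before parsing.
    # Not covered: recursion through xsl:call-template, which this check cannot bound.
    for el in ET.fromstring(xslt_text).iter():
        ns, _, local = el.tag[1:].partition("}") if el.tag[0] == "{" else ("", "", el.tag)
        is_xsl = ns == XSLT_NS
        name = f"xsl:{local}" if is_xsl else el.tag
        if not is_xsl and ns not in allowed_result_ns:
            findings.append((name, "element in non-allowlisted namespace"))
        if any(k.endswith("extension-element-prefixes") for k in el.attrib):
            findings.append((name, "declares extension element prefixes"))
        if is_xsl and local == "output" and el.attrib:
            findings.append((name, "xsl:output attributes set"))
        if any(PREFIXED_CALL.search(v) for v in el.attrib.values()):
            findings.append((name, "extension function call"))
        select = el.get("select", "").strip()
        if is_xsl and local == "apply-templates" and select and not SAFE_SELECT.fullmatch(select):
            findings.append((name, f"select not limited to descendants: {select}"))
    return findings

if __name__ == "__main__":
    for element, finding in audit_stylesheet(SAMPLE):
        print(f"{element}: {finding}")
```

A stylesheet is rejected when the returned list is non-empty; an empty list means only that none of these three patterns were found, not that the transform terminates.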
