Re: [xsl] XSLT 2.0: Security concerns

From: David Carlisle <davidc@xxxxxxxxx>
Date: Wed, 18 Jul 2007 16:04:13 +0100
You might want to set ALLOW_EXTERNAL_FUNCTIONS to false,
see http://www.saxonica.com/documentation/using-xsl/embedding.html

and rather than trap uses of document() at the syntactic level just use
a URI handler that doesn't allow things that you don't want to allow
(perhaps don't allow all URIs, or only allow them into some secure
sandboxed directory, or whatever is appropriate)

Dav
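
A sketch of the kind of URI handler suggested in the message above, added here as an example; it is not code from the original post or from Saxon. The class name `SandboxResolver` and the helper `harden` are hypothetical, and the attribute URI is the string value of Saxon's `ALLOW_EXTERNAL_FUNCTIONS` feature key, so `harden` assumes Saxon is the `TransformerFactory` in use.

```java
import java.io.IOException;
import java.net.URI;
import java.nio.file.*;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamSource;
/** Resolver that only serves regular files inside one directory. */
public class SandboxResolver implements URIResolver {
    private final Path root;
    public SandboxResolver(Path sandboxDir) throws IOException {
        root = sandboxDir.toRealPath(); // canonical form, symlinks resolved
    }
    @Override
    public Source resolve(String href, String base) throws TransformerException {
        try {
            URI uri = (base == null || base.isEmpty())
                    ? URI.create(href) : URI.create(base).resolve(href);
            String scheme = uri.getScheme();
            if (scheme != null && !scheme.equalsIgnoreCase("file"))
                throw new TransformerException("Scheme not allowed: " + uri);
            // No scheme: treat as a path relative to the sandbox root.
            Path p = (scheme == null) ? root.resolve(uri.getPath()) : Paths.get(uri);
            Path real = p.toRealPath(); // collapses ../ and follows symlinks
            if (!real.startsWith(root) || !Files.isRegularFile(real))
                throw new TransformerException("Outside sandbox: " + href);
            return new StreamSource(real.toFile());
        } catch (IOException | RuntimeException e) {
            // Throw rather than return null: null means "use default resolution".
            throw new TransformerException("Refused URI: " + href, e);
        }
    }

    /** Assumes f is Saxon's factory; other processors reject the attribute. */
    static void harden(TransformerFactory f, URIResolver r) {
        f.setAttribute("http://saxon.sf.net/feature/allow-external-functions", Boolean.FALSE);
        f.setURIResolver(r); // JAXP default for document(), xsl:import, xsl:include
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("xslt-sandbox"); // constructed sample data
        Files.write(dir.resolve("ok.xml"), "<ok/>".getBytes("UTF-8"));
        SandboxResolver r = new SandboxResolver(dir);
        String base = dir.resolve("style.xsl").toUri().toString();
        System.out.println("allowed " + r.resolve("ok.xml", base).getSystemId());
        for (String bad : new String[] {"../../outside.xml", "http://example.com/x.xml"}) {
            try { r.resolve(bad, base); System.out.println("ALLOWED " + bad); }
            catch (TransformerException e) { System.out.println("refused " + bad); }
        }
    }
}
```

The containment check runs on the real path, after `../` segments and symlinks have been resolved, so a link inside the sandbox that points elsewhere is refused as well.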
