Subject: RE: [xsl] xsl processors turn off extension functions From: bry@xxxxxxxxxx Date: Tue, 29 Jun 2004 13:26:50 +0200 |
> It's > surprisingly > common to find sites that are prepared to execute untrusted stylesheets, > which can cause arbitrary havoc if extension functions are not disabled. > Even with extension functions disabled, there's a denial-of-service risk. > I think also in light of GRDDL http://www.w3.org/2004/01/rdxh/spec that it is even more important. Of course GRDDL suffers under some other security problems as well.
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: [xsl] XSL & CDATA Processing, Michael Kay | Thread | Processing an xml catalog in xslt, Nicolas Mailhot |
RE: [xsl] xsl processors turn off e, Michael Kay | Date | Processing an xml catalog in xslt, Nicolas Mailhot |
Month |