Re: [xsl] insecure xslt

Subject: Re: [xsl] insecure xslt
From: bryan rasmussen <rasmussen.bryan@xxxxxxxxx>
Date: Thu, 24 Nov 2005 15:17:12 +0100
> I wish we could discuss the google search appliance's XSL other than
> generalities. I think it sucks. The XML is fine, though not very
> descriptive. I don't understand why such a simple thing needs to be
> secret. (Maybe because it is lame?) (Can I be sued for these statements?)
>
> What I do (and it eliminates the bug) is use a servlet filter to get the
> form submission, form a query to submit to the appliance and get the
> results backs as XML to do with what I may.
>

Yes, this pretty much seems to be what google recommends if one wants
to use xslt that is beyond the simplest use cases.

Current Thread