Subject: Re: [xsl] XSLT 2.0: Security concerns
From: David Carlisle <davidc@xxxxxxxxx>
Date: Wed, 18 Jul 2007 16:04:13 +0100

You might want to set ALLOW_EXTERNAL_FUNCTIONS to false, see
http://www.saxonica.com/documentation/using-xsl/embedding.html

and rather than trap uses of document() at the syntactic level just use a URI handler that doesn't allow things that you don't want to allow (perhaps don't allow all URIs, or only allow them into some secure sandboxed directory, or whatever is appropriate)

Dav
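
One way to build the restrictive URI handler suggested in the message above, as an added example that is not part of the original post or of Saxon's own code: a JAXP `URIResolver` that confines `document()` to a single directory. The class name `SandboxResolver` and the sandbox path in the comment are hypothetical.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.URIResolver;
import javax.xml.transform.stream.StreamSource;

/** Hypothetical resolver: document() may only read regular files under one sandbox directory. */
public class SandboxResolver implements URIResolver {
    private final Path root;

    public SandboxResolver(Path sandboxDir) throws IOException {
        this.root = sandboxDir.toRealPath();   // canonical form, symlinks resolved
    }

    @Override
    public Source resolve(String href, String base) throws TransformerException {
        try {
            URI ref = new URI(href);
            // Only relative references or file: URIs pass; http:, jar:, ftp: etc. are refused.
            if (ref.getScheme() != null && !"file".equalsIgnoreCase(ref.getScheme())) {
                throw new TransformerException("scheme not allowed: " + href);
            }
            // Relative references resolve against the sandbox root, never against the
            // stylesheet's base URI, so `base` cannot be used to point elsewhere.
            Path candidate = ref.getScheme() == null
                    ? root.resolve(ref.getPath())
                    : Paths.get(ref);
            // toRealPath() collapses ".." and follows symlinks before the containment check.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root) || !Files.isRegularFile(real)) {
                throw new TransformerException("outside sandbox: " + href);
            }
            return new StreamSource(Files.newInputStream(real), real.toUri().toString());
        } catch (URISyntaxException | IOException | IllegalArgumentException e) {
            // Malformed URIs, missing files and invalid paths all fail closed.
            throw new TransformerException("cannot resolve " + href, e);
        }
    }
    // Usage (path is a placeholder):
    //   transformer.setURIResolver(new SandboxResolver(Paths.get("/srv/xslt-data")));
}
```

Set the resolver on the `Transformer` for `document()` calls and on the `TransformerFactory` for `xsl:include` and `xsl:import`.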