RE: [xsl] XSLT 2.0: Security concerns

> Yet another.  Long running stylesheets or infinite loops.  
> That's easy just kill the thread if it doesn't terminate 
> after a certain amount of time, say, 100 milliseconds.

One way of handling this in Saxon is by writing a TraceListener that
monitors execution. It may be possible to write a loop that doesn't generate
any calls on the TraceListener, but you would have to try quite hard. You
would certainly catch the people who have written long-running stylesheets
as a result of stupidity rather than out of deliberate malice.

Michael Kay
http://www.saxonica.com/

Current Thread
[xsl] XSLT 2.0: Security concerns Justin Johansson - Thu, 19 Jul 2007 00:25:15 +0900 David Carlisle - Wed, 18 Jul 2007 16:04:13 +0100 Robert Koberg - Wed, 18 Jul 2007 11:11:00 -0400 Justin Johansson - Thu, 19 Jul 2007 01:08:46 +0900 Michael Kay - Wed, 18 Jul 2007 20:26:24 +0100 <=

<- Previous	Index	Next ->
Re: [xsl] XSLT 2.0: Security concer, Justin Johansson	Thread	[xsl] Filtering/Removing Truly Dupl, Wasiq Shaikh
RE: [xsl] XSLT 2.0: Saxon et. al.: , Michael Kay	Date	RE: [xsl] search for aligned elemen, Michael Kay
	Month

<-prev [Thread] next->	<-prev [Date] next->
Month Index \| List Home