Subject: Re: [xsl] Can an XSLT document invoke arbitrary extension functions? From: Florent Georges <lists@xxxxxxxxxxxx> Date: Mon, 26 Oct 2009 21:00:45 +0000 (GMT) |
Costello, Roger L. wrote: Hi, > The briefing seems to suggest that XSLT is riddled with security > leaks, as any XSLT transform can invoke pretty much any > arbitrary function (apparently including, as the below XSLT > transform shows, any arbitrary Windows function). A processor can provide such extension functions, sure. But well, the same way you can do pretty weird things in Java or any other programming languages. This is not a security hole, this is a feature you can use or not. Of course, if you plan to execute a program coming from the wild wild world, you have to very carefully disable those features on your processor. Regards, -- Florent Georges http://www.fgeorges.org/
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: [xsl] Can an XSLT document invo, Michael Kay | Thread | Re: [xsl] Can an XSLT document invo, Dimitre Novatchev |
RE: [xsl] Can an XSLT document invo, Michael Kay | Date | Re: [xsl] Can an XSLT document invo, Dimitre Novatchev |
Month |