|
Subject: Re: [xsl] HTML5 semantics and XSLT From: "Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> Date: Wed, 23 Feb 2022 18:36:09 -0000 |
Hi again, To Mike's question "And presumably any harm that can be done using this exploit could equally be done by executing untrusted HTML in the browser directly?" Indeed it could. These apparent or supposed 'vulnerabilities' are often not in the systems at all but in the systems they are wrapped inside. In this case the outer system is the one in which a user thinks an electronic document transmitted as an email attachment is somehow fundamentally different from an untrusted web site. (Or at least I think that's a big part of the problem here.) Cheers, Wendell XSL-List info and archive<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. mulberrytech.com%2Fxsl%2Fxsl-list&data=04%7C01%7Cwendell.piez%40nist.gov%7C4f b0caa1e98d4d84cb5808d9f6ec3b37%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C6 37812316750696466%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI iLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L%2BPL9awsl7TSx%2B2kwBi0%2FzlaPX JyBGUG9UFnVH9zbaI%3D&reserved=0> EasyUnsubscribe<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2 F%2Flists.mulberrytech.com%2Funsub%2Fxsl-list%2F3302254&data=04%7C01%7Cwendel l.piez%40nist.gov%7C4fb0caa1e98d4d84cb5808d9f6ec3b37%7C2ab5d82fd8fa4797a93e05 4655c61dec%7C1%7C0%7C637812316750696466%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zTYUnnlVZm 7aSF8lyWN%2FiABB4luRGZbZgU2syrewUnE%3D&reserved=0> (by email<>)
| Current Thread |
|---|
|
| <- Previous | Index | Next -> |
|---|---|---|
| Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe | Thread | Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam |
| Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe | Date | Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam |
| Month |