Re: [xsl] XSLT programs that blur the distinction between p

Re: [xsl] XSLT programs that blur the distinction between program and data?

Subject: Re: [xsl] XSLT programs that blur the distinction between program and data?
From: "Michael Kay mike@xxxxxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 10 Apr 2022 10:13:35 -0000

> In general, any interpreter treats its data as "the program" ...
>
> Needless to say using <xsl:evaluate> in unrestricted ways could be a
significant security risk,
>

Indeed. And I've certainly seen (and written) real applications in which
xsl:evaluate (or equivalent) was used to evaluate XPath expressions read from
cells in Excel spreadsheets. The operating system has no idea this is going
on, so the distinction between read permission and execute permission is
meaningless.

Michael Kay
Saxonica

Current Thread
[xsl] XSLT programs that blur the distinction between program and data? Roger L Costello costello@xxxxxxxxx - 9 Apr 2022 15:01:47 -0000 Norm Tovey-Walsh ndw@xxxxxxxxxx - 9 Apr 2022 16:14:17 -0000 Kevin Brown kevin.brown@xxxxxxxxxxxxxxxx - 10 Apr 2022 00:22:56 -0000 Dimitre Novatchev dnovatchev@xxxxxxxxx - 9 Apr 2022 18:11:16 -0000 Michael Kay mike@xxxxxxxxxxxx - 10 Apr 2022 10:13:36 -0000 <= Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx - 12 Apr 2022 13:27:35 -0000 Liam R. E. Quin liam@xxxxxxxxxxxxxxxx - 9 Apr 2022 18:13:22 -0000 G. Ken Holman g.ken.holman@xxxxxxxxx - 10 Apr 2022 13:52:07 -0000

Current Thread

[xsl] XSLT programs that blur the distinction between program and data?
- Roger L Costello costello@xxxxxxxxx - 9 Apr 2022 15:01:47 -0000
  - Norm Tovey-Walsh ndw@xxxxxxxxxx - 9 Apr 2022 16:14:17 -0000
    - Kevin Brown kevin.brown@xxxxxxxxxxxxxxxx - 10 Apr 2022 00:22:56 -0000
  - Dimitre Novatchev dnovatchev@xxxxxxxxx - 9 Apr 2022 18:11:16 -0000
    - Michael Kay mike@xxxxxxxxxxxx - 10 Apr 2022 10:13:36 -0000 <=
      - Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx - 12 Apr 2022 13:27:35 -0000
  - Liam R. E. Quin liam@xxxxxxxxxxxxxxxx - 9 Apr 2022 18:13:22 -0000
  - G. Ken Holman g.ken.holman@xxxxxxxxx - 10 Apr 2022 13:52:07 -0000

<- Previous	Index	Next ->
Re: [xsl] XSLT programs that blur t, Dimitre Novatchev dn	Thread	Re: [xsl] XSLT programs that blur t, Piez, Wendell A. (Fe
Re: [xsl] XSLT programs that blur t, Kevin Brown kevin.br	Date	[xsl] How to circumvent read-only p, Roger L Costello cos
	Month

<- Previous

Index

Next ->

Re: [xsl] XSLT programs that blur t, Dimitre Novatchev dn

Thread

Re: [xsl] XSLT programs that blur t, Piez, Wendell A. (Fe

Re: [xsl] XSLT programs that blur t, Kevin Brown kevin.br

Date

[xsl] How to circumvent read-only p, Roger L Costello cos

Month

<-prev [Thread] next->	<-prev [Date] next->
Month Index \| List Home