Subject: Re: [xsl] XSLT programs that blur the distinction between program and data?
From: "Michael Kay mike@xxxxxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 10 Apr 2022 10:13:35 -0000

> In general, any interpreter treats its data as "the program" ...
>
> Needless to say using <xsl:evaluate> in unrestricted ways could be a significant security risk,
>

Indeed. And I've certainly seen (and written) real applications in which xsl:evaluate (or equivalent) was used to evaluate XPath expressions read from cells in Excel spreadsheets. The operating system has no idea this is going on, so the distinction between read permission and execute permission is meaningless.

Michael Kay
Saxonica