|
Subject: Re: [xsl] Saxon vulnerability From: "Roger L Costello costello@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> Date: Sat, 8 Mar 2025 13:50:39 -0000 |
Thank you, Martin.
Is this accurate:
SAXON has a configuration property allowedProtocols that can be set to
"https,http" to allow only HTTPS and HTTP URIs to be resolved, while file URI
access should fail. However, currently, when doing this:
unparsed-text('file:///Windows/win.ini')
SAXON fails to block the parsing of the XML.
| Current Thread |
|---|
|
| <- Previous | Index | Next -> |
|---|---|---|
| Re: [xsl] Saxon vulnerability, Martin Honnen martin | Thread | Re: [xsl] Saxon vulnerability, Martin Honnen martin |
| Re: [xsl] Saxon vulnerability, Martin Honnen martin | Date | Re: [xsl] Saxon vulnerability, Martin Honnen martin |
| Month |