Re: [xsl] XSLT 1.1 comments -Examples please

Subject: Re: [xsl] XSLT 1.1 comments -Examples please
From: David Carlisle <davidc@xxxxxxxxx>
Date: Thu, 15 Feb 2001 13:14:47 GMT
> 2. A nasty. xsl:script to run a command rm -r * 

why restrict to xsl:script ? It's already possible to execute arbitrary
code in current processors. Have you any idea what 

<xsl:value-of select="x:xxx()"

does? (I haven't)

whether or not your extension functions can do damage depends on the
environment in which you choose to run them. Java and most scripting
langauges are set up to have the option of running in constrained
(more) secure environments, as usually is the default if accessed from a
browser. If you choose to run code picked up off this mailing list
in an unrestricted environment then you need to know what you are doing.
But that is basic precautions, it is nothing related to xsl:script,
which does not change the functionality available to extensions, it only
changes the way they are declared.


This message has been checked for all known viruses by Star Internet delivered
through the MessageLabs Virus Control Centre. For further information visit

 XSL-List info and archive:

Current Thread