Subject: Re: [xsl] XSL and infinite loops From: J-P S <jps@xxxxxxxxxxxxxxxxxxxx> Date: Thu, 26 Aug 2004 19:52:17 +0100 (BST) |
On Thu, 26 Aug 2004, David Carlisle wrote: ) so if you are trying to avoid DOS attacks you could try to restrict the ) select attribute so it only uses Xpaths that select descendent children Is there a danger list for such attacks? Presumably things like the attributes on xsl:output etc. are right out; and anything in the additional namespace of something like saxon: would be considered suspect. Would it be possible to construct a SafeXSL stylesheet, that transforms any dangerous XSL out? My first instinct is yes, because XSL is functional, but that's only an instinct. Cheers, J-P -- Just one small point for those Warwick supporters who've weighed in with the argument that "We use microchips to find lost pets, so why not missing children?". Chips in animals aren't tracking devices, they're used - because pets can't talk - to establish who their owners are once the animals have been found. Or for identifying their bodies.
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] XSL and infinite loops, David Carlisle | Thread | [xsl] from one node get the next no, Dionisio Ruiz de Zár |
RE: [xsl] How to calculate rowspan?, anton | Date | Re: [xsl] misc. confusion on "footn, Wendell Piez |
Month |