Re: XInclude: security risk 1

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: xml-dev@l...
Subject: Re: XInclude: security risk 1
From: Richard Tobin <richard@c...>
Date: Mon, 28 Oct 2002 17:38:30 GMT
Cc:
In-reply-to: <p04330100b9e080b82819@[192.168.254.4]>
Organization: HCRC, University of Edinburgh

On reflection, I think XInclude's security issues are really just a
subset of those that browsers have with XSLT, or at least are solvable
in the same way.  XSLT allows you to fetch data from a local file
using document("file:///whatever") and even allows you to pass out
that information as part of a URL in another document() call.

I checked what Mozilla does in this case, and it appears to refuse
to fetch a file: URL from a document() call in a remote stylesheet.

-- Richard

Follow-Ups:
- Re: XInclude: security risk 1
  - From: Elliotte Rusty Harold <elharo@m...>

References:
- XInclude: security risk 1
  - From: Elliotte Rusty Harold <elharo@m...>

Prev by Date: RE: What is XML For?
Next by Date: Re: XInclude: security risk 1
Previous by thread: Re: XInclude: security risk 1
Next by thread: Re: XInclude: security risk 1
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >