
  • From: "bryan rasmussen" <rasmussen.bryan@g...>
  • To: "Costello, Roger L." <costello@m...>
  • Date: Sat, 12 Apr 2008 13:49:10 +0200

Well, the 'boundedness' of the code is determined by the processor
which implements the specification. Boundedness is generally a
function of environmental limitations; see the Principle of Least
Privilege. The example you gave was XSL-T; as a general rule, while
XSL-T is a Turing complete language like JavaScript, it tends to have
less privilege than JavaScript.

Cheers,
Bryan Rasmussen

On Sat, Apr 12, 2008 at 1:15 PM, Costello, Roger L. <costello@m...> wrote:
> Hi Folks,
>
>  It just occurred to me ...
>
>  We have determined that XML has two primary roles:
>
>     1. Encode behavior (instructions)
>
>     2. Encode data
>
>  [Len, what does it mean to "encode script nodes?"]
>
>  In its first role (encoding behavior), XML is mobile code.  For
>  example, the XSLT vocabulary is an encoding of a certain behavior (i.e.
>  an encoding of a certain set of instructions), and when you transport
>  an XSLT document across the Internet, you are transporting code.
>
>  When you transport, say, JavaScript code across the Internet, you know
>  the extent of the security implications since JavaScript is a bounded
>  syntax with bounded capabilities (and a bounded set of security
>  problems).
>
>  But XML is unbounded, and the types of behavior that may be encoded in
>  XML are unbounded.  Thus, there is no way, in general, to assess the
>  extent of the security implications for arbitrary XML documents.
>  Yikes!
>
>  I am surely missing something.  Please tell me where my thinking errs.
>
>  /Roger
>
>
>  _______________________________________________________________________
>
>  XML-DEV is a publicly archived, unmoderated list hosted by OASIS
>  to support XML implementation and development. To minimize
>  spam in the archives, you must subscribe before posting.
>
>  [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
>  Or unsubscribe: xml-dev-unsubscribe@l...
>  subscribe: xml-dev-subscribe@l...
>  List archive: http://lists.xml.org/archives/xml-dev/
>  List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
>
>
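The point made in the reply above, that the bounds on an XSLT document come from the processor rather than from the language, can be shown by running one stylesheet under two processor policies. This is an added example, not part of the original thread; it assumes Python with the lxml binding to libxslt, and the stylesheet, the local file and the marker string are constructed for the illustration.

```python
import tempfile
from pathlib import Path
from lxml import etree

# Constructed stylesheet: asks the processor to pull a local file into its output.
STYLESHEET = b"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:param name="target"/>
  <xsl:template match="/">
    <xsl:value-of select="document($target)/secret"/>
  </xsl:template>
</xsl:stylesheet>"""

MARKER = "CONSTRUCTED-LOCAL-DATA"  # constructed stand-in for data outside the input


def run_with(access_control):
    """Run STYLESHEET under the given processor policy.

    Returns (output_text, error_message); error_message is None on success.
    """
    with tempfile.TemporaryDirectory() as tmp:
        local = Path(tmp) / "local.xml"
        local.write_text(f"<secret>{MARKER}</secret>")
        transform = etree.XSLT(etree.XML(STYLESHEET),
                               access_control=access_control)
        try:
            result = transform(etree.XML(b"<input/>"),
                               target=etree.XSLT.strparam(local.as_uri()))
            return str(result), None
        except etree.XSLTError as exc:
            # The processor refused the request; the stylesheet got nothing.
            return "", str(exc)


def compare_policies():
    """Same stylesheet, two processors: one broad, one least-privilege."""
    broad = etree.XSLTAccessControl()          # every permission defaults to True
    narrow = etree.XSLTAccessControl.DENY_ALL  # no file or network access at all
    return {"broad": run_with(broad), "deny_all": run_with(narrow)}


if __name__ == "__main__":
    for name, (out, err) in compare_policies().items():
        print(f"{name:9} output={out!r} error={err!r}")
```

The stylesheet text is identical in both runs; only the privileges granted by the processor differ, and only the broad policy lets the local file reach the output.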

