For an initial comment, the same security restrictions that apply to GRDDL http://www.w3.org/2001/sw/grddl-wg/ so off the top of my head IIRC these are:

1. use of document function - can be used to read local files that you might not want accessible.
2. use of extension functions in your processor that can run other type of code - example msxsl script - but you don't have that problem
3. maybe XML security problems, stuff like external entities http://www.securiteam.com/securitynews/6D0100A5PU.html I would suppose libxml handles this well though, but have not done research on matter.

By the way I need to sort of do the same thing in a project I am building. Would you like to discuss this further? I'm going to be offline for the next couple weeks starting tonight so if you say yes tomorrow I can't reply for a bit :)

Cheers,
Bryan Rasmussen

On 7/26/07, Andrew Mason <andrew@xxxxxxxxxxxxxxx> wrote:
> I was wondering if there were any security considerations with allowing
> users to upload their own XSLT? I'm using libxsl which seems to guard
> against infinite loops etc. but I was unsure if there were other things
> which I should consider from a security pov.
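The three concerns listed in the reply can be screened for before an uploaded stylesheet ever reaches the XSLT processor. The following is an added example, not part of the thread or of any project mentioned in it: `audit_stylesheet` is a hypothetical helper, the sample upload is constructed, and it goes slightly beyond the list by also flagging `xsl:import` and `xsl:include`, which load further stylesheets.

```python
import re
from xml.parsers import expat

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
DOCUMENT_CALL = re.compile(r"\bdocument\s*\(")       # document('...') in XPath
PREFIXED_CALL = re.compile(r"[\w.-]+:[\w.-]+\s*\(")  # ext:function(...) in XPath

def audit_stylesheet(data):
    """Return findings for an uploaded stylesheet (bytes); empty list = none."""
    findings, depth = [], [0]
    def on_doctype(*_):  # abort before any entity declaration is processed
        raise ValueError("DOCTYPE declared (entity definitions possible)")
    def on_start(name, attrs):
        uri, _, local = name.rpartition(" ")  # expat reports "namespace local"
        depth[0] += 1
        if uri == XSL_NS and local in ("import", "include"):
            findings.append(f"xsl:{local} loads {attrs.get('href')!r}")
        if uri not in ("", XSL_NS) and depth[0] == 2:
            findings.append(f"top-level extension element {{{uri}}}{local}")
        for attr, value in attrs.items():
            if attr.endswith("extension-element-prefixes"):
                findings.append(f"extension-element-prefixes={value!r}")
            if DOCUMENT_CALL.search(value):
                findings.append(f"document() in {attr}={value!r}")
            elif PREFIXED_CALL.search(value):
                findings.append(f"extension function in {attr}={value!r}")
    def on_end(name):
        depth[0] -= 1
    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler, parser.EndElementHandler = on_start, on_end
    try:
        parser.Parse(data, True)
    except (ValueError, expat.ExpatError) as exc:
        findings.append(f"rejected by parser: {exc}")
    return findings

# Constructed sample upload; the namespaces and file URL are illustrative.
SAMPLE = b"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:u="urn:example:user"
    extension-element-prefixes="msxsl">
  <msxsl:script implements-prefix="u">function f() { return 1; }</msxsl:script>
  <xsl:include href="other.xsl"/>
  <xsl:template match="/">
    <xsl:copy-of select="document('file:///placeholder/local.xml')"/>
    <xsl:value-of select="u:f()"/>
  </xsl:template>
</xsl:stylesheet>"""
```

A check like this is a fail-closed pre-filter: it can reject harmless stylesheets, and it does not replace restricting file and network access in the processor that runs the transform.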