Re: [xsl] Can an XSLT document invoke arbitrary extension f

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

Subject: Re: Can an XSLT document invoke arbitrary extension functions?
From: Florent Georges <lists@xxxxxxxxxxxx>
Date: Mon, 26 Oct 2009 21:00:45 +0000 (GMT)

Costello, Roger L. wrote:

  Hi,

> The briefing seems to suggest that XSLT is
riddled with security
> leaks, as any XSLT transform can invoke pretty much
any
> arbitrary function (apparently including, as the below XSLT
> transform
shows, any arbitrary Windows function).

  A processor can provide such
extension functions, sure.  But
well, the same way you can do pretty weird
things in Java or any
other programming languages.  This is not a security
hole, this is
a feature you can use or not.  Of course, if you plan to execute
a
program coming from the wild wild world, you have to very carefully
disable
those features on your processor.

  Regards,

-- 
Florent Georges
http://www.fgeorges.org/

Current Thread

Can an XSLT document invoke arbitrary extension functions?
- Costello, Roger L. - 26 Oct 2009 20:40:45 -0000
  - Message not available
    - G. Ken Holman - 26 Oct 2009 20:54:21 -0000
  - Michael Kay - 26 Oct 2009 20:59:27 -0000
  - Florent Georges - 26 Oct 2009 21:07:45 -0000 <=
  - Dimitre Novatchev - 26 Oct 2009 21:42:57 -0000
  - Message not available
    - Wendell Piez - 26 Oct 2009 22:43:42 -0000
  - Message not available
    - Mark Wilson - 27 Oct 2009 18:00:59 -0000
      - Martin Honnen - 27 Oct 2009 18:09:18 -0000

<- Previous	Index	Next ->
RE: Can an XSLT document invo, Michael Kay	Thread	Re: Can an XSLT document invo, Dimitre Novatchev
RE: Can an XSLT document invo, Michael Kay	Date	Re: Can an XSLT document invo, Dimitre Novatchev
	Month

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >