[XSL-LIST Mailing List Archive Home]
[By Thread]
[By Date]
RE: [xsl] xsl processors turn off extension functions
|
Subject: RE: [xsl] xsl processors turn off extension functions From: "Michael Kay" <mhk@xxxxxxxxx> Date: Tue, 29 Jun 2004 10:43:18 +0100 |
Saxon provides this capability, but I don't know of any others. You are right to highlight the importance of this feature. It's surprisingly common to find sites that are prepared to execute untrusted stylesheets, which can cause arbitrary havoc if extension functions are not disabled. Even with extension functions disabled, there's a denial-of-service risk. Michael Kay > -----Original Message----- > From: bry@xxxxxxxxxx [mailto:bry@xxxxxxxxxx] > Sent: 28 June 2004 19:22 > To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx > Subject: [xsl] xsl processors turn off extension functions > > Anyone know of a resource giving details of different > processors handling of > security for stylesheets containing extension functions, for > example which > processors it is possible to turn off extension function > support when calling an > individual stylesheet. > > If not, what extra security functionality can you think of > that various > processors you work with provide? > > > > > > > --+------------------------------------------------------------------ > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list > To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/ > or e-mail: <mailto:xsl-list-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx> > --+-- >
| Current Thread |
|---|
|
| <- Previous | Index | Next -> |
|---|---|---|
| xsl processors turn off extension f, bry | Thread | RE: [xsl] Need help with special so, Andrew Welch |
| Re: [xsl] Converting HTML to plain , Max Romantschuk | Date | RE: [xsl] xsl processors turn off e, bry |
| Month |
Keywords