[XSL-LIST Mailing List Archive Home]
[By Thread]
[By Date]
On May 30, 2006, at 2:34 AM, Dimitre Novatchev wrote:
This was precisely the concern I had but lacked the language to express. Of course our system uses user input in XPath expressions. I'll have to go back and quadruple check that the origin and format of the variables are what I expect them to be or I could have some problems!
But I do wonder, how would you circumvent an XPath expression such as this?
select="//page[@name = $pagename]/content[@lang = $lang]/block[@id = $block_id]"
It seems to me that if the variables aren't exactly what the system expects, no match is found and no results are returned. Passing * as the $pagename also doesn't have the expected result since it seems be seen as the literal asterisk and not as the wildcard character. Am I missing something?
Thanks in advance and for this feedback. Very helpful indeed!
Ted Stresen-Reuter
Re: [xsl] XSL Injection, is it possible?
Subject: Re: [xsl] XSL Injection, is it possible? From: "G. T. Stresen-Reuter" <tedmasterweb@xxxxxxx> Date: Tue, 30 May 2006 13:16:54 +0100 |
On May 30, 2006, at 2:34 AM, Dimitre Novatchev wrote:
There are some applications that allow the end user to enter an XPath expression (oh, why does this sound somewhat familiar to me :o) ), and the possibility for *XPath Injection* is a very real one.
This was precisely the concern I had but lacked the language to express. Of course our system uses user input in XPath expressions. I'll have to go back and quadruple check that the origin and format of the variables are what I expect them to be or I could have some problems!
But I do wonder, how would you circumvent an XPath expression such as this?
select="//page[@name = $pagename]/content[@lang = $lang]/block[@id = $block_id]"
It seems to me that if the variables aren't exactly what the system expects, no match is found and no results are returned. Passing * as the $pagename also doesn't have the expected result since it seems be seen as the literal asterisk and not as the wildcard character. Am I missing something?
Thanks in advance and for this feedback. Very helpful indeed!
Ted Stresen-Reuter
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] XSL Injection, is it poss, M. David Peterson | Thread | Re: [xsl] XSL Injection, is it poss, Dimitre Novatchev |
Re: [xsl] XSL Injection, is it poss, G. T. Stresen-Reuter | Date | [xsl] [xml] using schemas/xslt/xinc, Nestor Urquiza |
Month |
Keywords