Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Seeking Examples of XSLT Memory Stress
 Liam Quin wrote: > On Wed, Aug 17, 2005 at 11:44:30AM -0400, Robert Koberg wrote: > >>Michael Kay wrote: >> >>>Saxon already has an extension, saxon:discard-document(), designed to >>>achieve that. >> >>I did not know that and it is good to know. I disable extensions (and >>don't really investigate them) as I run some untrusted XSLs in my CMS >>webapp. > > Watch that an XSLT transform can read (or try to read) any > file on your system and can open arbitrary http (and often ftp) > connections on arbitrary ports. I use custom URIResolvers for the factory and the transformer to handle this type of thing. A project's XSL for import/include is resolved in the factory's resolver (first looking in the project workspace, then in a default location). XML brought in through the document function is resolved in the transformer's resolver. The resolvers basically chroot jail the transformation to their project's workspace and the default/fallback location. best, -Rob > > >>Any chance of this type of thing getting into the spec? > > > If the document falls out of scope then both XSLT 1 and 2 allow > an implementation to discard it. I don't think we'll see a > procedural way to discard a document otherwise, except as > part of something like the XQuery update facility perhaps. > > Liam > 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
