RE: The evaluate function

Play the video

Subject: RE: The evaluate function
From: Joerg Pietschmann <joerg.pietschmann@xxxxxx>
Date: Thu, 03 Jan 2002 18:20:02 +0100

Apart from all the issues mentioned by Mr.Kay, an eval()
function makes it rather easy to open security holes in
a style sheet.
For example, once you figured out you can put a XPath into
the nice "Enter your query here" field which is passed
directly to an eval() function, what will stop you from
entering
 document("file:///C/Documents and Settings/Administrator/preferences.xml")?
 :-)
Or, if extension functions may be called indiscriminately:
 mswin:delete("C:\*.*","recursive")

Regards
J.Pietschmann

 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Current Thread

RE: The evaluate function, (continued)
- Mark Feblowitz - Thu, 3 Jan 2002 08:35:17 -0500 (EST)
  - Evan Lenz - Thu, 3 Jan 2002 14:39:19 -0500 (EST)
- Joerg Pietschmann - Thu, 3 Jan 2002 12:18:54 -0500 (EST) <=
  - Michael Kay - Thu, 3 Jan 2002 13:05:48 -0500 (EST)
- Brinkman, Theodore - Thu, 3 Jan 2002 12:26:46 -0500 (EST)
- Matt G. - Thu, 3 Jan 2002 20:42:39 -0500 (EST)
- Joerg Pietschmann - Tue, 8 Jan 2002 08:14:48 -0500 (EST)

<- Previous	Index	Next ->
RE: The evaluate function, Evan Lenz	Thread	RE: The evaluate function, Michael Kay
leading : on qnames, David Carlisle	Date	Hopefully not a terribly sill, Morgan Goeller
	Month

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >