Re: XSL and infinite loops

Play the video

Subject: Re: XSL and infinite loops
From: J-P S <jps@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Aug 2004 19:52:17 +0100 (BST)

On Thu, 26 Aug 2004, David Carlisle wrote:

) so if you are trying to avoid DOS attacks you could try to restrict the
) select attribute so it only uses Xpaths that select descendent children

Is there a danger list for such attacks? Presumably things like the
attributes on xsl:output etc. are right out; and anything in the
additional namespace of something like saxon: would be considered suspect.

Would it be possible to construct a SafeXSL stylesheet, that transforms
any dangerous XSL out? My first instinct is yes, because XSL is
functional, but that's only an instinct.

Cheers,
J-P
-- 
Just one small point for those Warwick supporters who've weighed in with the
argument that "We use microchips to find lost pets, so why not missing
children?". Chips in animals aren't tracking devices, they're used - because
pets can't talk - to establish who their owners are once the animals have been
found. Or for identifying their bodies.

Current Thread
RE: XSL and infinite loops, (continued) Jarno.Elovirta - 26 Aug 2004 04:26:45 -0000 R. Guide - 26 Aug 2004 05:42:23 -0000 R. Guide - 26 Aug 2004 16:22:26 -0000 David Carlisle - 26 Aug 2004 17:08:02 -0000 J-P S - 26 Aug 2004 18:52:45 -0000 <=

<- Previous	Index	Next ->
Re: XSL and infinite loops, David Carlisle	Thread	from one node get the next no, Dionisio Ruiz de Z�r
Re: Urgent help required Node, Ranjan K. Baisak	Date	XSL taking very long, Tengshe, Ashish
	Month

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >