RE: [xsl] XSLT 2.0: Security concerns

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

Subject: RE: XSLT 2.0: Security concerns
From: "Michael Kay" <mike@xxxxxxxxxxxx>
Date: Wed, 18 Jul 2007 20:26:24 +0100

> Yet another.  Long running stylesheets or infinite loops.  
> That's easy just kill the thread if it doesn't terminate 
> after a certain amount of time, say, 100 milliseconds.

One way of handling this in Saxon is by writing a TraceListener that
monitors execution. It may be possible to write a loop that doesn't generate
any calls on the TraceListener, but you would have to try quite hard. You
would certainly catch the people who have written long-running stylesheets
as a result of stupidity rather than out of deliberate malice.

Michael Kay
http://www.saxonica.com/

Current Thread
XSLT 2.0: Security concerns Justin Johansson - 18 Jul 2007 14:55:40 -0000 David Carlisle - 18 Jul 2007 15:04:31 -0000 Robert Koberg - 18 Jul 2007 15:11:15 -0000 Justin Johansson - 18 Jul 2007 15:39:38 -0000 Michael Kay - 18 Jul 2007 19:26:44 -0000 <=

<- Previous	Index	Next ->
Re: XSLT 2.0: Security concer, Justin Johansson	Thread	XSLT 2.0: Character Output I, Sam Byland
RE: XSLT 2.0: Saxon et. al.: , Michael Kay	Date	RE: search for aligned elemen, Michael Kay
	Month

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >