[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: XSLT 1.1 comments -Examples please
> 2. A nasty. xsl:script to run a command rm -r * why restrict to xsl:script ? It's already possible to execute arbitrary code in current processors. Have you any idea what <xsl:value-of select="x:xxx()" xmlns:x="http://www.oracle.com.XSL/Transform/java/java.util.diediedie"/> does? (I haven't) whether or not your extension functions can do damage depends on the environment in which you choose to run them. Java and most scripting langauges are set up to have the option of running in constrained (more) secure environments, as usually is the default if accessed from a browser. If you choose to run code picked up off this mailing list in an unrestricted environment then you need to know what you are doing. But that is basic precautions, it is nothing related to xsl:script, which does not change the functionality available to extensions, it only changes the way they are declared. David _____________________________________________________________________ This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. For further information visit http://www.star.net.uk/stats.asp XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|