[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: XSL Injection, is it possible?
There are some applications that allow the end user to enter an XPath expression (oh, why does this sound somewhat familiar to me :o) ), and the possibility for *XPath Injection* is a very real one. Even if the user is only expected to enter an element name, if the input is not checked, it may contain an injected XPath expression. Search for "xpath injection".
On 5/29/06, G. T. Stresen-Reuter <tedmasterweb@xxxxxxx> wrote: Hi,
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|