RE: XSLT 2.0: Security concerns

Play the video

Subject: RE: XSLT 2.0: Security concerns
From: "Michael Kay" <mike@xxxxxxxxxxxx>
Date: Wed, 18 Jul 2007 20:26:24 +0100

> Yet another.  Long running stylesheets or infinite loops.  
> That's easy just kill the thread if it doesn't terminate 
> after a certain amount of time, say, 100 milliseconds.

One way of handling this in Saxon is by writing a TraceListener that
monitors execution. It may be possible to write a loop that doesn't generate
any calls on the TraceListener, but you would have to try quite hard. You
would certainly catch the people who have written long-running stylesheets
as a result of stupidity rather than out of deliberate malice.

Michael Kay
http://www.saxonica.com/

Current Thread
XSLT 2.0: Security concerns Justin Johansson - 18 Jul 2007 14:55:40 -0000 David Carlisle - 18 Jul 2007 15:04:31 -0000 Robert Koberg - 18 Jul 2007 15:11:15 -0000 Justin Johansson - 18 Jul 2007 15:39:38 -0000 Michael Kay - 18 Jul 2007 19:26:44 -0000 <=

<- Previous	Index	Next ->
Re: XSLT 2.0: Security concer, Justin Johansson	Thread	XSLT 2.0: Character Output I, Sam Byland
RE: XSLT 2.0: Saxon et. al.: , Michael Kay	Date	RE: search for aligned elemen, Michael Kay
	Month

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >