[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Can an XSLT document invoke arbitrary extension f
Hi,
I scanned the slides cited and I actually found nothing to disagree with (though it's not my area of expertise). The author is clearly talking about XSLT being used for things it wasn't primarily intended for by developers who are in over their heads and haven't come to terms with what XSLT or XSLT engines can do. If this makes it a security hazard in that application context, that's not really about XSLT but about the way it's being used. As I see it, that kind of problem actually goes with the territory of its being a powerful and capable technology, not something always to be avoided on principle. I agree that the particular example of a Xalan extension supposedly being used to execute arbitrary code is over the top; but the argument being made in the slides doesn't actually depend on this example. Cheers, Wendell At 04:40 PM 10/26/2009, Roger wrote: Hi Folks, ====================================================================== Wendell Piez mailto:wapiez@xxxxxxxxxxxxxxxx Mulberry Technologies, Inc. http://www.mulberrytech.com 17 West Jefferson Street Direct Phone: 301/315-9635 Suite 207 Phone: 301/315-9631 Rockville, MD 20850 Fax: 301/315-8285 ---------------------------------------------------------------------- Mulberry Technologies: A Consultancy Specializing in SGML and XML ======================================================================
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|