RE: xsl processors turn off extension functions2004-06-29 04:26:50It's surprisingly common to find sites that are prepared to execute untrusted stylesheets, which can cause arbitrary havoc if extension functions are not disabled. Even with extension functions disabled, there's a denial-of-service risk. I think also in light of GRDDL http://www.w3.org/2004/01/rdxh/spec that it is even more important. Of course GRDDL suffers under some other security problems as well.
|
|
||||||||||||||||