Saxon provides this capability, but I don't know of any others.
You are right to highlight the importance of this feature. It's surprisingly
common to find sites that are prepared to execute untrusted stylesheets,
which can cause arbitrary havoc if extension functions are not disabled.
Even with extension functions disabled, there's a denial-of-service risk.
Michael Kay
-----Original Message-----
From: bry(_at_)itnisk(_dot_)com [mailto:bry(_at_)itnisk(_dot_)com]
Sent: 28 June 2004 19:22
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: [xsl] xsl processors turn off extension functions
Anyone know of a resource giving details of different
processors handling of
security for stylesheets containing extension functions, for
example which
processors it is possible to turn off extension function
support when calling an
individual stylesheet.
If not, what extra security functionality can you think of
that various
processors you work with provide?
--+------------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail:
<mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--+--