On May 30, 2006, at 2:34 AM, Dimitre Novatchev wrote:
There are some applications that allow the end user to enter an XPath
expression (oh, why does this sound somewhat familiar to me :o) ),
and the possibility for *XPath Injection* is a very real one.
This was precisely the concern I had but lacked the language to
express. Of course our system uses user input in XPath expressions.
I'll have to go back and quadruple check that the origin and format of
the variables are what I expect them to be or I could have some
problems!
But I do wonder, how would you circumvent an XPath expression such as
this?
select="//page[(_at_)name = $pagename]/content[(_at_)lang = $lang]/block[(_at_)id =
$block_id]"
It seems to me that if the variables aren't exactly what the system
expects, no match is found and no results are returned. Passing * as
the $pagename also doesn't have the expected result since it seems be
seen as the literal asterisk and not as the wildcard character. Am I
missing something?
Thanks in advance and for this feedback. Very helpful indeed!
Ted Stresen-Reuter
--~------------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--