xsl-list
[Top] [All Lists]

RE: [xsl] XSLT 2.0: Security concerns

2007-07-18 12:26:43
Yet another.  Long running stylesheets or infinite loops.  
That's easy just kill the thread if it doesn't terminate 
after a certain amount of time, say, 100 milliseconds.

One way of handling this in Saxon is by writing a TraceListener that
monitors execution. It may be possible to write a loop that doesn't generate
any calls on the TraceListener, but you would have to try quite hard. You
would certainly catch the people who have written long-running stylesheets
as a result of stupidity rather than out of deliberate malice.

Michael Kay
http://www.saxonica.com/



--~------------------------------------------------------------------
XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--

<Prev in Thread] Current Thread [Next in Thread>