Costello, Roger L. wrote:
Hi,
The briefing seems to suggest that XSLT is riddled with security
leaks, as any XSLT transform can invoke pretty much any
arbitrary function (apparently including, as the below XSLT
transform shows, any arbitrary Windows function).
A processor can provide such extension functions, sure. But
well, the same way you can do pretty weird things in Java or any
other programming languages. This is not a security hole, this is
a feature you can use or not. Of course, if you plan to execute a
program coming from the wild wild world, you have to very carefully
disable those features on your processor.
Regards,
--
Florent Georges
http://www.fgeorges.org/
--~------------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--