Re: [xsl] HTML5 semantics and XSLT

2022-02-23 12:36:19

Hi again,

To Mike's question "And presumably any harm that can be done using this exploit could equally be done by executing untrusted HTML in the browser directly?"

Indeed it could. These apparent or supposed 'vulnerabilities' are often not in the systems at all but in the systems they are wrapped inside. In this case the outer system is the one in which a user thinks an electronic document transmitted as an email attachment is somehow fundamentally different from an untrusted web site. (Or at least I think that's a big part of the problem here.)

Cheers, Wendell

XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list