xsl-list

Re: [xsl] XSLT programs that blur the distinction between program and data?

2022-04-10 05:13:42

In general, any interpreter treats its data as "the program" ...

Needless to say using <xsl:evaluate> in unrestricted ways could be a 
significant security risk,


Indeed. And I've certainly seen (and written) real applications in which 
xsl:evaluate (or equivalent) was used to evaluate XPath expressions read from 
cells in Excel spreadsheets. The operating system has no idea this is going on, 
so the distinction between read permission and execute permission is 
meaningless.

Michael Kay
Saxonica
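
One way to constrain the spreadsheet-cell case described in the message above, as an added example that is not part of the original post or of any Saxonica code: each cell's text is checked against a small allow-list grammar before it reaches `xsl:evaluate`. The `sheet`/`row`/`formula` input shape, the element names and the grammar itself are assumptions made for illustration.

```xslt
<xsl:stylesheet version="3.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    exclude-result-prefixes="xs">

  <!-- Constructed input (an assumption, not from the post):
       <sheet>
         <row><price>12.50</price><qty>4</qty><formula>price * qty</formula></row>
         <row><price>3</price><qty>2</qty><formula>doc('other.xml')</formula></row>
       </sheet>
       Each <formula> cell is data that will be run as XPath. -->

  <!-- Allow-list grammar: operand (op operand)*, where an operand is a
       lower-case child element name or a decimal literal and op is one of
       + - * div mod. Parentheses, quotes, '/', '$' and ':' never match, so
       no function call, path step or variable reference can get through. -->
  <xsl:variable name="operand" select="'([a-z]+|[0-9]+(\.[0-9]+)?)'"/>
  <xsl:variable name="op" select="'(\s*[+*\-]\s*|\s+(div|mod)\s+)'"/>
  <xsl:variable name="allowed"
      select="concat('^\s*', $operand, '(', $op, $operand, ')*\s*$')"/>

  <xsl:template match="/sheet">
    <results>
      <xsl:apply-templates select="row"/>
    </results>
  </xsl:template>

  <xsl:template match="row">
    <xsl:variable name="expr" select="string(formula)"/>
    <xsl:choose>
      <xsl:when test="matches($expr, $allowed)">
        <!-- Only now is the cell text handed to the XPath engine. -->
        <xsl:try>
          <result status="ok">
            <xsl:evaluate xpath="$expr" context-item="." as="xs:double?"/>
          </result>
          <xsl:catch>
            <result status="error"/>
          </xsl:catch>
        </xsl:try>
      </xsl:when>
      <xsl:otherwise>
        <!-- Never evaluated; record the refusal instead. -->
        <result status="rejected"/>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>

</xsl:stylesheet>
```

XSLT 3.0 also permits a processor to disable `xsl:evaluate` altogether, which is the stronger control when a deployment does not need dynamic expressions.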