In general, any interpreter treats its data as "the program" ...
Needless to say using <xsl:evaluate> in unrestricted ways could be a
significant security risk,
Indeed. And I've certainly seen (and written) real applications in which
xsl:evaluate (or equivalent) was used to evaluate XPath expressions read from
cells in Excel spreadsheets. The operating system has no idea this is going on,
so the distinction between read permission and execute permission is
meaningless.
Michael Kay
Saxonica
--~----------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
EasyUnsubscribe: http://lists.mulberrytech.com/unsub/xsl-list/1167547
or by email: xsl-list-unsub(_at_)lists(_dot_)mulberrytech(_dot_)com
--~--