Re: [xml] Re: [xslt] libxslt effects on _private member of libxml structures

From: Petr Pajas <pajas ufal ms mff cuni cz>
To: Luca Padovani <lpadovan CS UniBO IT>
Cc: xml gnome org, xslt gnome org, Claudio Sacerdoti_Coen <sacerdot CS UniBO IT>
Subject: Re: [xml] Re: [xslt] libxslt effects on _private member of libxml structures
Date: Tue, 25 Mar 2003 12:08:31 +0100

Luca Padovani <lpadovan CS UniBO IT> writes:

  For the stylesheet compilation, the document is modified and 
_private is used to attach the compiled operations to the nodes
in the stylesheet tree.


This may be OK as we assume the stylesheet becomes "opaque" after it is
compiled, even though a malicious user could in principle remember the
original DOM document...

  For the input documents, _private is used only when key() are
defined to attach the keys to the nodes.

[...]

So this is a problem (for Gdome2).


Gosh, this sounds true scary! It is not just gdome2 relaying on
application data stored in _private and there might be quite
practical, and definitely not malicious, reasons for remembering nodes
from both the input-document and xslt-stylesheet trees.

-- Petr

References:
- [xml] Re: [xslt] libxslt effects on _private member of libxml structures
  - From: Luca Padovani

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]