Re: [xml] Re: [xslt] libxslt effects on _private member of libxml structures



Luca Padovani <lpadovan@CS.UniBO.IT> writes:

>>   For the stylesheet compilation, the document is modified and 
>> _private is used to attach the compiled operations to the nodes
>> in the stylesheet tree.
>
> This may be OK as we assume the stylesheet becomes "opaque" after it is
> compiled, even though a malicious user could in principle remember the
> original DOM document...
>
>>   For the input documents, _private is used only when key() are
>> defined to attach the keys to the nodes.
> [...]
>
> So this is a problem (for Gdome2).

Gosh, this sounds truly scary! It is not just gdome2 relying on
application data stored in _private and there might be quite
practical, and definitely not malicious, reasons for remembering nodes
from both the input-document and xslt-stylesheet trees.

-- Petr


