Re: [xslt] XSLT and Safari

From: Daniel Veillard <veillard redhat com>
To: The Gnome XSLT library mailing-list <xslt gnome org>
Subject: Re: [xslt] XSLT and Safari
Date: Wed, 11 Aug 2004 05:23:31 -0400

On Tue, Aug 10, 2004 at 03:57:21PM -0700, David Hyatt wrote:
> I can figure out all the imports/includes, use our own security 
> routines and recursion defenses when loading, and ultimately end up 
> with a bunch of xmlDocPtrs.  What I'd then like to do is be able to 

  As a reminder, with exslt:document set of extensions, a stylesheet
can output documents, you absolutely want to check the security API
  http://xmlsoft.org/XSLT/html/libxslt-security.html
anyway to block those writes.
  Also note the document() XSLT function does read at run-time,
you will need to catch those too I assume, the function is
  xsltDocumentFunctionLoadDocument()
which call
  xsltLoadDocument() 
itself calling
  xsltParseDocument() too

xsltParseDocument() seems central to the callback API to be designed,
it may come at parsing time or at runtime, but always need a dictionnary.

Daniel

-- 
Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

Follow-Ups:
- Re: [xslt] XSLT and Safari
  - From: Dave Hyatt

References:
- [xslt] XSLT and Safari
  - From: David Hyatt

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]