[xslt] libxslt security framework
- From: Benjamin Vetter <vetter plainpicture de>
- To: xslt gnome org
- Subject: [xslt] libxslt security framework
- Date: Wed, 24 Jun 2009 21:56:28 +0200
Hi List,
I'm using libxslt through cpan's xml::libxslt.
When I use the Security Framework and deny anything through something like
sub violate { return 0; };
$security->register_callback( read_file => \&violate );
$security->register_callback( write_file => \&violate );
$security->register_callback( create_dir => \&violate );
$security->register_callback( read_net => \&violate );
$security->register_callback( write_net => \&violate );
the document() function fails like expected, but xsl:include or
xsl:import can import arbitrary additional stylesheets.
Is it a documented behaviour?
I think it's a rather unexpected behaviour and could potentially lead
to a security issue.
Comments appreciated.
I'm using libxslt-1.1.9
regards
Benjamin
--
Benjamin Vetter
IT / Informatik
plainpicture GmbH & Co. KG
Eimsbütteler Chausse 23
20259 Hamburg
++49 40 80 81 288 46
[
Date Prev][
Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]