[xslt] libxslt security framework



Hi List,

I'm using libxslt through cpan's xml::libxslt.
When I use the Security Framework and deny anything through something like

sub violate { return 0; };
$security->register_callback( read_file  => \&violate );
$security->register_callback( write_file => \&violate );
$security->register_callback( create_dir => \&violate );
$security->register_callback( read_net   => \&violate );
$security->register_callback( write_net  => \&violate );

the document() function fails like expected, but xsl:include or
xsl:import can import arbitrary additional stylesheets.
Is it a documented behaviour?
I think it's a rather unexpected behaviour and could potentially lead
to a security issue.

Comments appreciated.
I'm using libxslt-1.1.9

regards
    Benjamin

-- 

Benjamin Vetter
IT / Informatik
plainpicture GmbH & Co. KG
Eimsbütteler Chausse 23
20259 Hamburg
++49 40 80 81 288 46



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]