W3C home > Mailing lists > Public > public-rdf-in-xhtml-tf@w3.org > April 2004


From: <bry@itnisk.com>
Date: Fri, 30 Apr 2004 05:58:17 -0400 (EDT)
To: public-rdf-in-xhtml-tf@w3.org
Message-Id: <200404301158812.SM01024@Debug>

In the GRDDL note it states under Security 
Considerations it states: 
"Implementors should pay special attention 
to the security implications of any media 
types that can cause the remote execution of 
any actions in the recipient's environment. 
In such cases, the discussion of 
the "application/postscript" type may serve 
as a model for considering other media types 
with remote execution capabilities.

Given the expressive power of XSLT, and the 
possibility to access external resources 
from a XSLT style sheet (e.g. through the 
document function or the xsl:import 
mechanism), implementors should take the 
appropriate measures to prevent malicious 
usage of this mechanism."

This seems to ignore the most dangerous 
aspect of the technique outline, that is to 
say an xsl-t that uses extension functions 
that then calls objects on the server. 

I'm not exactly sure anyhow what appropriate 
security measures the implementor should 
take, is it being suggested that all 
stylesheets used in this manner should be 
processed through first to make sure that 
there are no xsl:imports, xsl:includes, uses 
of the document function, extension 
functions, and so forth? Given that the 
model for xsl-t usage is a black box this 
seems to be a difficult to manage process. 
Received on Friday, 30 April 2004 07:10:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:50:17 UTC