W3C home > Mailing lists > Public > public-rdf-in-xhtml-tf@w3.org > March 2005

Re: GRDDL (security considerations of XSLT extensions)

From: Dan Connolly <connolly@w3.org>
Date: Tue, 22 Mar 2005 16:12:41 -0600
To: RDF in XHTML task force <public-rdf-in-xhtml-tf@w3.org>, bry@itnisk.com
Message-Id: <1111529561.8271.694.camel@localhost>

I'm reviewing comments on GRDDL since the Apr 2004 publication, and
I find yours. Apologies for the delay in responding...
http://lists.w3.org/Archives/Public/public-rdf-in-xhtml-tf/2004Apr/0003.html

> This seems to ignore the most dangerous 
> aspect of the technique outline, that is to 
> say an xsl-t that uses extension functions 
> that then calls objects on the server. 

We don't ignore that risk; we just note it by reference
rather than reiterating it...

|    (5)   PostScript is an extensible language, and many, if not
|          most, implementations of it provide a number of their
|          own extensions.  This document does not deal with such
|          extensions explicitly since they constitute an unknown
|          factor.  Message sending software should not make use
|          of nonstandard extensions; they are likely to be
|          missing from some implementations.  Message receiving
|          and displaying software should make sure that any
|          nonstandard PostScript operators are secure and don't
|          present any kind of threat.
  -- http://www.faqs.org/rfcs/rfc2046.html


> I'm not exactly sure anyhow what appropriate 
> security measures the implementor should 
> take, is it being suggested that all 
> stylesheets used in this manner should be 
> processed through first to make sure that 
> there are no xsl:imports, xsl:includes, uses 
> of the document function, extension 
> functions, and so forth?

It seems more straightforward to just turn those things off
in the XSLT processor. That what we do in the service that
we host.
  http://www.w3.org/2001/05/xslt


>  Given that the 
> model for xsl-t usage is a black box this 
> seems to be a difficult to manage process. 

Hmm... I'm not sure I understand what you mean there.

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Tuesday, 22 March 2005 22:12:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:50:18 UTC