W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2006

ISSUE-3: Can XQuery/XPath contribute to attack vectors?

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Tue, 21 Nov 2006 16:10:47 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20061121161047.834A7BDA8@w3c4.w3.org> 


ISSUE-3: Can XQuery/XPath contribute to attack vectors?

http://www.w3.org/2006/WSC/Group/track/issues/3

Raised by: Stephen Farrell
On product: Techniques

See the disposition of ACTION-3; in particular the note at [1].  The basic
question is how xpath and xquery, when used in conjunction with Web content, can
contribute to attacks against the secure display of security context information. 

The expectation is to revisit this issue when there is an actual draft of the
techniques document.

1. http://www.w3.org/mid/455A18E3.2040006@cs.tcd.ie
Received on Tuesday, 21 November 2006 16:10:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:44 GMT