Re: additional tests + security issues

Ian Davis wrote:
>> You may be interested in
>>
>> http://jena.sourceforge.net/test/grddl/
>>
> 
> Neat.
> 
>> Three of these tests explore security issues.
>> I would like the jena implementation to refuse to honour the 
>> document() function at all, and disable some 'unsafe' XSLT2 features.
> 
> While I think that's an understandable approach it would preclude
> documents from referencing external descriptions of the RDF patterns. As
> a concrete example, I'm currently mulling over an alternative to
> Embedded RDF that allows the specification of markup semantics to be
> declared in an external file. The advantages of this approach are
> similar to those you get with referencing a single external CSS rather
> than having it inline in every document on a site, i.e. reusability and
> separation of concerns. To support this via GRDDL and XSLT I'd need to
> use the document function to access and parse the external metadata
> description.
> 
> 

That's a nice use case for the document() feature.

I'm working on another test case that shows unambiguously why document 
is unsafe.
For applets the rule is that the applet can access a URL on the same 
server as the applet came from; that would probably be OK. Otherwise, 
the transform is able to access documents as if it had the end-user's 
rights (most critically to read the local file system).

Jeremy

Received on Friday, 26 January 2007 10:29:28 UTC
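
The applet-style rule mentioned in the message above, written as a JAXP `URIResolver`. This is an added example, not code from the thread or from Jena. The class name `SameOriginResolver` and the sample URIs are hypothetical, and it assumes the transform was fetched over http or https.

```java
import java.net.URI;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.URIResolver;
import javax.xml.transform.stream.StreamSource;

/** Hypothetical resolver: document() may only reach the server the transform came from. */
public class SameOriginResolver implements URIResolver {
    private final URI origin; // where the GRDDL transform itself was fetched from

    public SameOriginResolver(String transformUri) {
        this.origin = URI.create(transformUri).normalize();
    }

    @Override
    public Source resolve(String href, String base) throws TransformerException {
        URI target;
        try {
            URI baseUri = (base == null || base.isEmpty()) ? origin : URI.create(base);
            target = baseUri.resolve(href).normalize();
        } catch (IllegalArgumentException e) {
            throw new TransformerException("Malformed URI in document(): " + href, e);
        }
        if (!sameOrigin(target)) {
            throw new TransformerException("Refused, not same origin as transform: " + target);
        }
        return new StreamSource(target.toString()); // fetched lazily by the processor
    }

    private boolean sameOrigin(URI t) {
        String s = t.getScheme();
        // Only http/https are ever allowed, so file:, jar:, ftp: are rejected outright.
        if (s == null || !(s.equalsIgnoreCase("http") || s.equalsIgnoreCase("https"))) return false;
        return s.equalsIgnoreCase(origin.getScheme()) && t.getHost() != null
            && t.getHost().equalsIgnoreCase(origin.getHost()) && port(t) == port(origin);
    }

    private static int port(URI u) {
        return u.getPort() != -1 ? u.getPort() : "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        URIResolver r = new SameOriginResolver("http://example.org/grddl/transform.xsl"); // constructed
        String[] hrefs = {"patterns.rdf", "file:///etc/passwd", "http://other.example/x.xml"};
        for (String href : hrefs) {
            try { System.out.println("allowed: " + r.resolve(href, null).getSystemId()); }
            catch (TransformerException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

Install it with `Transformer.setURIResolver` before running the transform. The check covers only the URI handed to the resolver, so an HTTP redirect followed during the later fetch still needs its own same-origin check.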