- From: Jeremy Carroll <jjc@hpl.hp.com>
- Date: Fri, 26 Jan 2007 10:28:55 +0000
- To: Ian Davis <Ian.Davis@talis.com>
- CC: public-grddl-wg@w3.org, "McBride, Brian" <brian.mcbride@hp.com>
Ian Davis wrote:
>> You may be interested in
>>
>> http://jena.sourceforge.net/test/grddl/
>>
>
> Neat.
>
>> Three of these tests explore security issues.
>> I would like the jena implementation to refuse to honour the
>> document() function at all, and disable some 'unsafe' XSLT2 features.
>
> While I think that's an understandable approach it would preclude
> documents from referencing external descriptions of the RDF patterns. As
> a concrete example, I'm currently mulling over an alternative to
> Embedded RDF that allows the specification of markup semantics to be
> declared in an external file. The advantages of this approach are
> similar to those you get with referencing a single external CSS rather
> than having it inline in every document on a site, i.e. reusability and
> separation of concerns. To support this via GRDDL and XSLT I'd need to
> use the document function to access and parse the external metadata
> description.
>

That's a nice use case for the document() feature.

I'm working on another test case that shows unambiguously why document is unsafe.

For applets the rule is that the applet can access a URL on the same server as the applet came from; that would probably be OK. Otherwise, the transform is able to access documents as if it had the end-user's rights (most critically to read the local file system).

Jeremy
Received on Friday, 26 January 2007 10:29:28 UTC
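
The applet-style rule described in the message above, sketched as a JAXP `URIResolver` that lets `document()` load only from the server the transformation came from. This is an added example, not code from the thread or from Jena; the class name `SameOriginResolver` and the example.org URLs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.URIResolver;
import javax.xml.transform.stream.StreamSource;

/** Hypothetical resolver: document() may only read from the transform's own origin. */
public class SameOriginResolver implements URIResolver {
    private final URI origin; // URL the transformation was fetched from

    public SameOriginResolver(String transformUrl) throws URISyntaxException {
        this.origin = new URI(transformUrl);
    }

    // Effective port, so http://host/ and http://host:80/ compare equal.
    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    boolean allowed(URI target) {
        String scheme = target.getScheme();
        if (scheme == null || target.getHost() == null) return false;
        // Only network schemes: this rejects file:, jar: and anything else local.
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return false;
        return scheme.equalsIgnoreCase(origin.getScheme())
            && target.getHost().equalsIgnoreCase(origin.getHost())
            && port(target) == port(origin);
    }

    @Override
    public Source resolve(String href, String base) throws TransformerException {
        try {
            // Resolve relative hrefs first, then judge the absolute result.
            URI baseUri = (base == null || base.isEmpty()) ? origin : new URI(base);
            URI target = baseUri.resolve(href).normalize();
            if (!allowed(target)) throw new TransformerException("document() refused: " + target);
            return new StreamSource(target.toString());
        } catch (URISyntaxException | IllegalArgumentException e) {
            throw new TransformerException("document() refused: bad URI " + href, e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Install with transformer.setURIResolver(r) before calling transform().
        SameOriginResolver r = new SameOriginResolver("http://example.org/xsl/t.xsl");
        System.out.println(r.allowed(new URI("http://example.org/meta/patterns.xml"))); // true
        System.out.println(r.allowed(new URI("file:///etc/passwd")));                   // false
        System.out.println(r.allowed(new URI("http://other.example.net/x.xml")));       // false
    }
}
```

The check covers only the URI handed to the resolver; an HTTP redirect issued by the origin server can still point elsewhere, so the fetch itself needs the same test applied to each hop.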