- From: Ted Shaneyfelt <tvs@hawaii.edu>
- Date: Fri, 13 Aug 2004 13:47:50 -1000
- To: public-qt-comments@w3.org
I know it's late, but concerning section 18.1.2 Calling Extension Func... The ability to execute extension functions represents a potential security weakness This is likely to quietly open countless security breaches where webmasters in the past have trusted xslt to be uploaded and to execute on their machines because of it's safe nature. By simply upgrading an operating system or other component, the system will quietly become vulnerable to simple attacks. The mistake of treating documents as programs that can perform arbitrary operations is what caused countless breaches in security when Microsoft allowed macros to be hidden in documents. They should have forseen it. We should have learned. An application that can cause changes to the system should always be clearly identified as such, not as innocent data. When an XML document invokes an XSLT through a PI, it should never have side-effects. To overcome the limitations, acompletely separate mime-type and filename extension should identify xml documents that can invoke XSLT with the ability to have side-effects. I propose the name "Extensible Markup Application", which everyone should treat like a program, not like data. content-type: application/xma filename-extension: .xma Then xml documents would continue to be trustworthy. Everyone should be able to trust XML files enough to not hesitate to click on them. Thank you for your consideration, Ted Shaneyfelt University of Hawaii
Received on Friday, 13 August 2004 23:46:42 UTC