ISSUE-3: Can XQuery/XPath contribute to attack vectors? from Web Security Context Issue Tracker on 2006-11-21 (public-wsc-wg@w3.org from November 2006)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Tue, 21 Nov 2006 16:10:47 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20061121161047.834A7BDA8@w3c4.w3.org>

ISSUE-3: Can XQuery/XPath contribute to attack vectors?

http://www.w3.org/2006/WSC/Group/track/issues/3

Raised by: Stephen Farrell
On product: Techniques

See the disposition of ACTION-3; in particular the note at [1].  The basic
question is how xpath and xquery, when used in conjunction with Web content, can
contribute to attacks against the secure display of security context information. 

The expectation is to revisit this issue when there is an actual draft of the
techniques document.

1. http://www.w3.org/mid/455A18E3.2040006@cs.tcd.ie

Received on Tuesday, 21 November 2006 16:10:54 UTC