- From: Conal Tuohy <conal.tuohy@gmail.com>
- Date: Tue, 2 Jun 2015 17:19:33 +1000
- To: XProc Dev <xproc-dev@w3.org>
Received on Tuesday, 2 June 2015 07:20:20 UTC
I have been writing some web applications in XProc, using Calabash, and I've struck the issue that user-supplied (uploaded) XSLT transforms can present a security risk. Since XSLT is Turing complete it can provide a powerful extension mechanism for an XML-processing app, but you need to tightly control access to the web app itself unless you can run such XSLT in a sandbox.

I had a vague but false memory that the p:xslt step had an option to enforce a kind of "safe mode". Alas it looks like wishful thinking.

It seems to me that to perform secure XSLT processing one would need to be able to supply a URI resolver to prevent access to the local file system, and to disable any XSLT extension functions that might pose a risk, and perhaps even to enforce a timeout on XSLT execution.

Has anyone implemented anything like this, either in Calabash or some other processor?

Conal
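The three controls listed in the message (a deny-all URI resolver, extension functions switched off, and a timeout), sketched as an added example that is not part of the original post and not Calabash code. It assumes plain JAXP with the JDK's built-in XSLT processor; the class name `SandboxedXslt`, the method `run` and the sample input are hypothetical.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.*;
import java.io.*;
import java.util.concurrent.*;

public class SandboxedXslt {
    // Refuse every href handed to the resolver (xsl:import, xsl:include, document()).
    static final URIResolver DENY_ALL = (href, base) -> {
        throw new TransformerException("blocked URI: " + href);
    };

    static String run(String xslt, String xml, long timeoutMs) throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        // With the JDK's built-in processor, secure processing disables extension functions.
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // JAXP 1.5 properties: an empty protocol list forbids external DTDs and stylesheets.
        // Other TransformerFactory implementations may reject these attributes.
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        tf.setURIResolver(DENY_ALL);               // compile time: import/include

        ExecutorService pool = Executors.newSingleThreadExecutor();
        Future<String> job = pool.submit(() -> {
            Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
            t.setURIResolver(DENY_ALL);            // run time: document()
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
            return out.toString();
        });
        try {
            // The caller stops waiting after timeoutMs (TimeoutException).
            return job.get(timeoutMs, TimeUnit.MILLISECONDS);
        } finally {
            // Interrupts the worker; a transform that ignores interrupts keeps running.
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample stylesheet and input, not from the original post.
        String xslt = "<xsl:stylesheet version='1.0' "
            + "xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
            + "<xsl:template match='/'><out><xsl:value-of select='/in'/></out>"
            + "</xsl:template></xsl:stylesheet>";
        System.out.println(run(xslt, "<in>hello</in>", 2000));
    }
}
```

The timeout here only bounds how long the caller waits; a stylesheet that loops without checking for interruption still occupies its thread, so a hard limit on CPU or memory needs a separate process that can be killed.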