- From: Conal Tuohy <conal.tuohy@gmail.com>
- Date: Wed, 3 Jun 2015 16:06:54 +1000
- To: "Imsieke, Gerrit, le-tex" <gerrit.imsieke@le-tex.de>
- Cc: XProc Dev <xproc-dev@w3.org>
- Message-ID: <CAErBQuRdugmvt-3mH5ngXbsvEME1_s9irWwzsvo2acjpxwQpTg@mail.gmail.com>
The risk that I see is from allowing the XSLT to read arbitrary files from the file system - though subject to file system security, of course. e.g. <xsl:stylesheet version="2.0" xmlns:xsl=" http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <xsl:copy-of select="document('file:///var/lib/tomcat7/conf/tomcat-users.xml')"/> </xsl:template> </xsl:stylesheet> On 3 June 2015 at 15:41, Imsieke, Gerrit, le-tex <gerrit.imsieke@le-tex.de> wrote: > Conal, > > Just want to throw in my two cents. I think p:xslt in itself is > harmless, particularly if you didn’t install any extension functions > with direct OS access. Even if the stylesheet uses xsl:result-document, > it won’t write stuff to disk by itself. These documents appear on the > secondary port and are typically handled by p:store if they need to be > stored to disk. So if your users are only able to upload their own XSLT > and if you don’t use their outputs as inputs for p:store or for the > options of EXProc file system steps such as p:delete, then you should be > safe. Apart from bad code that might cause stack overflows or excessive > computing times. Or am I missing something? > > > -- > Gerrit Imsieke > Geschäftsführer / Managing Director > le-tex publishing services GmbH > Weissenfelser Str. 84, 04229 Leipzig, Germany > Phone +49 341 355356 110, Fax +49 341 355356 510 > gerrit.imsieke@le-tex.de, http://www.le-tex.de > > Registergericht / Commercial Register: Amtsgericht Leipzig > Registernummer / Registration Number: HRB 24930 > > Geschäftsführer: Gerrit Imsieke, Svea Jelonek, > Thomas Schmidt, Dr. Reinhard Vöckler > >
Received on Wednesday, 3 June 2015 06:07:44 UTC