xml-dev - RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains

RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains

[ Lists Home | Date Index | Thread Index ]

To: <xml-dev@lists.xml.org>
Subject: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
From: "bryan" <bry@itnisk.com>
Date: Thu, 15 Aug 2002 11:08:48 +0200
Importance: Normal
In-reply-to: <4F4182C71C1FDD4BA0937A7EB7B8B4C1061BA9B0@red-msg-08.redmond.corp.microsoft.com>

Sebastian  Schnitzenbaumer wrote:
>>Why is it
>>dangerous to load an XSL from somewhere else?

Joshua Allen wrote:
>On the one hand, you could say, "It should treat XSLT processor the
same >way as CSS", but on the other hand you might say "thank heavens
that people >can't take control of my machine by exploiting buffer
overruns in the XSLT >processor."  

I don't think you could say "it should treat XSLT processor the same way
as CSS" what with the possibility to create extensions functions that
use vbscript, javascript, can call com components etc.

By the way, in case anyone didn't see this article:
http://www.theregister.co.uk/content/archive/24815.html

MS downloads wd-xsl to Windows-XP for search. Not the same subject but
somewhat related.

References:
- RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
  - From: "Joshua Allen" <joshuaa@microsoft.com>

Prev by Date: RE: [xml-dev] Is XML Ubiquitous yet? (was Re: [xml-dev] Pushing SAX events out onto the Web?)
Next by Date: Re: [xml-dev] Pushing SAX events out onto the Web?
Previous by thread: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
Next by thread: RE: [xml-dev] What the .... ? Referencing XSL stylesheets across domains
Index(es):
- Date
- Thread