OASIS Mailing List Archives

   Re: [xml-dev] XInclude: security risk 1

On reflection, I think XInclude's security issues are really just a
subset of those that browsers have with XSLT, or at least are solvable
in the same way.  XSLT allows you to fetch data from a local file
using document("file:///whatever") and even allows you to pass out
that information as part of a URL in another document() call.

I checked what Mozilla does in this case, and it appears to refuse
to fetch a file: URL from a document() call in a remote stylesheet.

-- Richard
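
The rule reported above (a remotely loaded document may not pull in a file: resource) can be expressed as a check a processor runs before dereferencing each XInclude href. This is an added example, not part of the original message and not Mozilla's code; the function names, the sample document and the remote.example host are constructed for illustration, and the base URI is assumed to be absolute.

```python
# Added example: constructed input, hypothetical helper names.
from urllib.parse import urljoin, urlsplit
import xml.etree.ElementTree as ET

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"

def is_local(uri):
    """True when the URI names a resource on the processing machine."""
    return urlsplit(uri).scheme == "file"   # urlsplit lowercases the scheme

def may_fetch(base_uri, href):
    """Resolve href against the referring document and apply the rule:
    a document that was loaded remotely may not include file: resources."""
    if not urlsplit(base_uri).scheme:
        raise ValueError("base URI must be absolute: %r" % base_uri)
    target = urljoin(base_uri, href.strip())
    allowed = is_local(base_uri) or not is_local(target)
    return allowed, target

def audit_includes(xml_text, base_uri):
    """Return (resolved_target, allowed) for every xi:include element.
    Nothing is fetched; the document is only parsed and inspected."""
    root = ET.fromstring(xml_text)
    results = []
    for el in root.iter(XI_INCLUDE):
        allowed, target = may_fetch(base_uri, el.get("href", ""))
        results.append((target, allowed))
    return results

# Constructed sample: one relative include and two file: includes,
# the second spelled in upper case to show the scheme check is case-blind.
SAMPLE = """<doc xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:include href="chapter1.xml"/>
  <xi:include href="file:///whatever" parse="text"/>
  <xi:include href="FILE:///whatever" parse="text"/>
</doc>"""

if __name__ == "__main__":
    for base in ("http://remote.example/book/doc.xml",
                 "file:///home/user/book/doc.xml"):
        print(base)
        for target, allowed in audit_includes(SAMPLE, base):
            print("  ", "ALLOW" if allowed else "DENY ", target)
```

The same decision applies to an XSLT document() call: the base URI is then the stylesheet's own URI rather than the including document's.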


Copyright 2001 XML.org. This site is hosted by OASIS