Lists Home |
Date Index |
>It is somewhat (though far
>from completely) mitigated by the fact that the document() function
>can only point to well-formed XML documents so it can't steal
>absolutely any file or URL.
You could combine it with an entity reference: use document() to refer
to an external document that has a file: entity reference. Then any
plain text without less-thans or ampersands will be well-formed.
I'm sure that current browsers must already prevent this, probably by
disallowing file: references from non-trusted documents.