X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/db746519ebca6495342d836a77c0664977ee0d99..e3a09318a0686a7e3d01206f56ca6019c3c198e0:/doc/plugins/contrib/xslt/discussion.mdwn?ds=inline diff --git a/doc/plugins/contrib/xslt/discussion.mdwn b/doc/plugins/contrib/xslt/discussion.mdwn index a549681de..9cda02f88 100644 --- a/doc/plugins/contrib/xslt/discussion.mdwn +++ b/doc/plugins/contrib/xslt/discussion.mdwn @@ -14,3 +14,9 @@ this be used to attack the server where it is built? I know that xslt is really a full programming language, so I assume at least DOS attacks are possible. Can it also read other arbitrary files, run other programs, etc? --[[Joey]] + +> For the first point, agreed. It should probably check that the data file has a `.xml` extension also. Have now fixed. + +> For the second point, I think the main concern would be resource usage. XSLT is a pretty limited language; it can read other XML files, but it can't run other programs so far as I know. + +> -- [[KathrynAndersen]]