
Keith Devens .com


Tag: XSLT


Saturday, July 10, 2004

Server-based XSLT transformations -- secure?

Say for the sake of discussion that I wanted to provide a service for people to transform XML documents by uploading their own XSLT files to my server. How insecure is this?

I know XSLT can get you into infinite recursion, but some kind of time limit on the script along with appropriate error handling would probably be enough to make that not too much of an issue. Potentially worse are things like the document() function that can suck any XML document into the stylesheet -- a person could make the server repeatedly download huge XML files in an attempt to cripple the server. I would hope that any XSLT processor I used would allow me to disable the document() function.

Are there any other security considerations to worry about with allowing people to execute arbitrary XSLT on your server?
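The document() concern raised above can be checked before an uploaded stylesheet ever reaches the processor. This is an added example, not code from the original post: a standard-library Python pre-screen that flags document() calls and, going slightly beyond the post's case, the related xsl:import / xsl:include loads, XSLT 2.0 fetch functions and DTDs. The function name and sample stylesheets are assumptions made for illustration; it complements, rather than replaces, disabling these features in the processor and the time limit for recursion.

```python
import re
import xml.etree.ElementTree as ET

XSL = "{http://www.w3.org/1999/XSL/Transform}"
# document() is XSLT 1.0; doc(), collection() and unparsed-text() are 2.0 additions.
FETCH_CALL = re.compile(r"\b(document|doc|collection|unparsed-text)\s*\(")

def screen_stylesheet(text):
    """Return findings for an uploaded stylesheet; an empty list means none."""
    # Refuse any DTD up front: it can declare external or nested entities.
    if "<!DOCTYPE" in text:
        return ["DOCTYPE declaration present"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for elem in root.iter():
        # xsl:import and xsl:include load another stylesheet by URI.
        if elem.tag in (XSL + "import", XSL + "include"):
            findings.append(f"xsl:{elem.tag[len(XSL):]} href={elem.get('href')!r}")
        # XPath lives in attributes (select, test, match, {...} templates).
        for name, value in elem.attrib.items():
            for call in FETCH_CALL.finditer(value):
                findings.append(f"{call.group(1)}() in {name}={value!r}")
    return findings

# Constructed sample stylesheets (not from the original post).
BENIGN = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out><xsl:value-of select="/doc/title"/></out></xsl:template>
</xsl:stylesheet>"""

FETCHING = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:include href="http://files.example/big.xsl"/>
  <xsl:template match="/">
    <xsl:copy-of select="document('http://files.example/huge.xml')"/>
  </xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for label, sheet in (("benign", BENIGN), ("fetching", FETCHING)):
        print(label, screen_stylesheet(sheet))
```

The attribute scan is deliberately conservative: it also flags a matching string in a literal result attribute, which is a false positive a reviewer can clear by hand.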

Friday, June 18, 2004

XPath and XSLT

It's time for me to learn XPath and XSLT. If anyone can recommend any references, tutorials, or books, I'd be very grateful.

I'm using the Python bindings for libxml2, and I kind of feel like I'm feeling around in the dark. It took me a while to figure out how to run an XPath expression using namespaces (and it took me a while to figure out that the reason my XPath expressions weren't working is because I needed to use namespaces in them).

Update: Well, I think I'm now on my way to being an XPath expert, but I get these xmlNode objects back and I'm not sure how to traverse them. node.children only seems to give me the text nodes, not a tree of all of its children.

Update again: I only have two questions: How do I execute an XPath expression from an arbitrary point in the document (not just from the root), and how come .children only seems to give me the first child? (From there I'm able to get the other siblings with .next)

Update: Argh! According to this diagram, .children only points to the head of the children (doubly-linked) list! I figured it would return a list of elements, just as xpathEval() did, though the underlying return value for that is xmlNodeSet, so that's why it wound up as a Python list.

Now I only need to figure out how to run an XPath expression from an arbitrary point in the document and I think I have everything I need.
