Keith Devens .com

Wednesday, July 9, 2008 Flag waving
Tag: XSLT

Saturday, July 10, 2004

Server-based XSLT transformations -- secure?

Say for the sake of discussion that I wanted to provide a service for people to transform XML documents by uploading their own XSLT files to my server. How insecure is this?

I know XSLT can get you into infinite recursion, but some kind of time limit on the script along with appropriate error handling would probably be enough to make that not too much of an issue. Potentially worse are things like the document() function that can suck any XML document into the stylesheet -- a person could make the server repeatedly download huge XML files in an attempt to cripple the server. I would hope that any XSLT processor I used would allow me to disable the document() function.

Are there any other security considerations to worry about with allowing people to execute arbitrary XSLT on your server?
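An added example, not part of the original post: one way to address the document() concern, assuming the processor is lxml (third-party Python bindings for libxml2/libxslt). The function names, the probe stylesheet and the marker value are constructed for illustration.

```python
import pathlib
import tempfile
from lxml import etree  # third-party; assumed to be the XSLT processor in use

MARKER = "constructed-local-content"  # constructed sample value

# Constructed stylesheet that tries to pull another document in via document().
PROBE_XSLT = (
    '<xsl:stylesheet version="1.0" '
    'xmlns:xsl="http://www.w3.org/1999/XSL/Transform">'
    '<xsl:output method="text"/>'
    '<xsl:template match="/">'
    '<xsl:value-of select="document(\'%s\')"/>'
    '</xsl:template></xsl:stylesheet>'
)

# Parser for uploaded files: no entity expansion, no network fetches.
SAFE_PARSER = etree.XMLParser(resolve_entities=False, no_network=True)


def transform_untrusted(xml_bytes, xslt_bytes, locked_down=True):
    """Apply an uploaded stylesheet; return (ok, output_or_error_text)."""
    try:
        style = etree.fromstring(xslt_bytes, SAFE_PARSER)
        source = etree.fromstring(xml_bytes, SAFE_PARSER)
        # DENY_ALL refuses file and network reads and writes during the
        # transform, so document() cannot load anything.
        acl = etree.XSLTAccessControl.DENY_ALL if locked_down else None
        transform = etree.XSLT(style, access_control=acl)
        return True, str(transform(source))
    except (etree.XMLSyntaxError, etree.XSLTParseError,
            etree.XSLTApplyError) as exc:
        # Errors are returned to the caller instead of propagating.
        return False, str(exc)


def demo():
    """Run the same probe stylesheet without and with the lock-down."""
    with tempfile.TemporaryDirectory() as tmp:
        local = pathlib.Path(tmp) / "local.xml"
        local.write_text("<cfg>%s</cfg>" % MARKER)
        probe = (PROBE_XSLT % local.as_uri()).encode()
        opened = transform_untrusted(b"<doc/>", probe, locked_down=False)
        locked = transform_untrusted(b"<doc/>", probe, locked_down=True)
    return opened, locked


if __name__ == "__main__":
    print(demo())
```

This only restricts file and network access during the transformation; lxml has no timeout parameter, so the time limit mentioned in the post still has to be enforced separately, for example by running the transform in a worker process that can be killed.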

Friday, June 18, 2004

XPath and XSLT

It's time for me to learn XPath and XSLT. If anyone can recommend any references, tutorials, or books, I'd be very grateful.

I'm using the Python bindings for libxml2, and I kind of feel like I'm feeling around in the dark. It took me a while to figure out how to run an XPath expression using namespaces (and it took me a while to figure out that the reason my XPath expressions weren't working is because I needed to use namespaces in them).

Update: Well, I think I'm now on my way to being an XPath expert, but I get these xmlNode objects back and I'm not sure how to traverse them. node.children only seems to give me the text nodes, not a tree of all of its children.

Update again: I only have two questions: How do I execute an XPath expression from an arbitrary point in the document (not just from the root), and how come .children only seems to give me the first child? (From there I'm able to get the other siblings with .next)

Update: Argh! According to this diagram, .children only points to the head of the children (doubly-linked) list! I figured it would return a list of elements, just as xpathEval() did, though the underlying return value for that is xmlNodeSet, so that's why it wound up as a Python list.

Now I only need to figure out how to run an XPath expression from an arbitrary point in the document and I think I have everything I need.
