--- Zlatin Balevsky <[EMAIL PROTECTED]> wrote: > Can anyone familiar with xsl list the differences between filtering html > for anonimity-compromising content and filtering xsl transformations? > If an xml file is filtered agains the current rules (no off-freenet > links, no actions) and its corresponding xsl is made sure not to contain > any such transformations will there be any additional issues freenet > users should be concerned about?
I've used a bit of XSLT. Yes there is definately a security problem here, because XSLT let's you make varibles and perform string operations. It's just like any program--there's no general way to tell what the result will be except for running it (like Turing Machines). The only real solution I see is getting fred an XSLT processor and running the XML through it. You could then give the HTML to the browser. Short of that you could test the HTML for anything bad and let the browser do the process again. Do we really need XSLT? __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Logos und Klingeltöne fürs Handy bei http://sms.yahoo.de _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
