[
https://issues.apache.org/jira/browse/SOLR-15121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17275220#comment-17275220
]
David Smiley commented on SOLR-15121:
-------------------------------------
Additionally, the functionality should be guarded by the "trusted" configSet
notion, just like the other scripting functionality is.
> Move XSLT (tr param) to scripting contrib
> -----------------------------------------
>
> Key: SOLR-15121
> URL: https://issues.apache.org/jira/browse/SOLR-15121
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: David Smiley
> Priority: Blocker
> Fix For: master (9.0)
>
>
> The XSLT functionality, present in both XML /update loading, and also in the
> response writer, ought to move to the "scripting" contrib module because XSLT
> is a type of scripting. XSLT is risky from a security standpoint, and so
> should not be in solr-core.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
