Re: [freenet-dev] xsl in fproxy
XSL is a pretty ugly and confusing way to do anything IMHO, I used it as a web templating language for a while and it was a nightmare. In short - its best avoided. Ian. Zlatin Balevsky wrote: Can anyone familiar with xsl list the differences between filtering html for anonimity-compromising content and filtering xsl transformations? If an xml file is filtered agains the current rules (no off-freenet links, no actions) and its corresponding xsl is made sure not to contain any such transformations will there be any additional issues freenet users should be concerned about? ___ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl ___ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] xsl in fproxy
--- Zlatin Balevsky [EMAIL PROTECTED] wrote: Can anyone familiar with xsl list the differences between filtering html for anonimity-compromising content and filtering xsl transformations? If an xml file is filtered agains the current rules (no off-freenet links, no actions) and its corresponding xsl is made sure not to contain any such transformations will there be any additional issues freenet users should be concerned about? I've used a bit of XSLT. Yes there is definately a security problem here, because XSLT let's you make varibles and perform string operations. It's just like any program--there's no general way to tell what the result will be except for running it (like Turing Machines). The only real solution I see is getting fred an XSLT processor and running the XML through it. You could then give the HTML to the browser. Short of that you could test the HTML for anything bad and let the browser do the process again. Do we really need XSLT? __ Gesendet von Yahoo! Mail - http://mail.yahoo.de Logos und Klingeltöne fürs Handy bei http://sms.yahoo.de ___ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
[freenet-dev] xsl in fproxy
Can anyone familiar with xsl list the differences between filtering html for anonimity-compromising content and filtering xsl transformations? If an xml file is filtered agains the current rules (no off-freenet links, no actions) and its corresponding xsl is made sure not to contain any such transformations will there be any additional issues freenet users should be concerned about? ___ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl