On Wed, Apr 22, 2009 at 1:42 PM, Felix Meschberger <fmesc...@gmail.com> wrote:
> Hi,
>
> Carsten Ziegeler wrote:
>> ...scripts are
>> only picked
>> up from configured paths (libs and apps by default). So as long as the
>> user is not allowed to write in these locations, everything should be fine.
>
> Well, there is a chance here, of course: Consider the node is created as
> /content/bad with resource type "/content/malicious" and the script as
> /content/malicious/html.esp...
> Then the request to /content/bad.html would in fact call the script.

That's what I meant.

> ...Of course, restricting scripts to live inside any of the
> ResourceResolver.getSearchPath() or defining an execution permission
> would help resolve this issue. I personally would prefer the execution
> permission approach (though it may fall short of scripting languages
> calling into the resource resolver (or the repository directly) to load
> included scripts ....)...

Restricting scripts to ResourceResolver.getSearchPath() locations sounds
much easier and less risky, at least until we have a concept of execution
permissions. There's no real reason to have scripts anywhere else than
under those search paths.

-Bertrand
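The check Bertrand proposes, written out as an added example (this is not Sling's own code and is not from anyone in the thread). It assumes Sling's default search paths /apps and /libs, and it models the resource-type-to-script mapping in a simplified way: an absolute resource type such as "/content/malicious" names the script directory directly, a relative one is tried under each search path in order; the existence check against the repository that a real resolver would do is left out. The "/apps/../content/..." case is an added caveat: the path must be normalized before the prefix comparison, or a resource type containing ".." walks out of the search path again.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Deque;
import java.util.List;

/**
 * Added example, not Sling code: only run scripts that live under one of
 * the ResourceResolver search paths, regardless of what the resource type says.
 */
public final class ScriptLocationCheck {

    // Assumed search paths (Sling's defaults at the time), most specific first.
    static final List<String> SEARCH_PATHS = Arrays.asList("/apps", "/libs");

    /** Collapse "." and ".." segments of an absolute repository path, without touching any filesystem. */
    static String normalize(String path) {
        Deque<String> out = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { out.pollLast(); continue; }   // never climbs above "/"
            out.addLast(seg);
        }
        return "/" + String.join("/", out);
    }

    /** The proposed rule: a script may execute only if it sits under a search path. */
    static boolean isUnderSearchPath(String scriptPath) {
        String p = normalize(scriptPath);
        for (String sp : SEARCH_PATHS) {
            // Compare whole segments so that "/appsX/..." does not match "/apps".
            if (p.equals(sp) || p.startsWith(sp + "/")) return true;
        }
        return false;
    }

    /**
     * Simplified mapping from resource type to candidate script paths (assumption,
     * not Sling's resolver): an absolute resource type is used as the script
     * directory, a relative one is looked up under each search path in order.
     */
    static List<String> candidateScripts(String resourceType, String scriptName) {
        List<String> candidates = new ArrayList<>();
        if (resourceType.startsWith("/")) {
            candidates.add(resourceType + "/" + scriptName);
        } else {
            for (String sp : SEARCH_PATHS) candidates.add(sp + "/" + resourceType + "/" + scriptName);
        }
        return candidates;
    }

    /** Returns the first candidate that passes the location check, or null if the request must not run a script. */
    static String resolveScript(String resourceType, String scriptName) {
        for (String candidate : candidateScripts(resourceType, scriptName)) {
            if (isUnderSearchPath(candidate)) return normalize(candidate);
        }
        return null;
    }

    public static void main(String[] args) {
        // The case from the thread: /content/bad carries resource type "/content/malicious",
        // and /content/malicious/html.esp is writable by the same user.
        System.out.println(resolveScript("/content/malicious", "html.esp"));        // null: rejected
        // Same attack dressed up with a traversal segment; normalize() defeats it.
        System.out.println(resolveScript("/apps/../content/malicious", "html.esp")); // null: rejected
        // Ordinary application scripts keep working.
        System.out.println(resolveScript("myapp/page", "html.esp"));                // /apps/myapp/page/html.esp
        System.out.println(resolveScript("/libs/sling/default", "html.esp"));       // /libs/sling/default/html.esp
    }
}
```

As Felix notes in the quoted text, a check at this point only covers the resolver's own script lookup: a script that is already running and loads further scripts through the resource resolver or the repository directly would need the same check applied on that path too.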