(anonymous) wrote:

> To close the topic [1] I finally decided to follow the hints given by
> Maciej Jaros and Merlissimo and created (since it seems nobody did this
> already - please correct me, if I am wrong)

> "XSaLT: XSL/XSLT Simple and Lightweight Tool" [2]

> Which is a very, very, very simple Python CGI script that takes a URL
> (pointing to any XML source document) and an XSLT stylesheet. Both are
> passed to lxml to transform the XML to a destination document. Any XSLT
> stylesheet you might need can be added if you send me a mail.
> [...]

Please consider that very, very, very simple scripts typically
have very, very, very bad security protections :-). In
this case, all files on the toolserver can be checked for
existence, if they are XML files and the attacker can deposit
an XSLT file somewhere on the toolserver, they can be read
and accesses to external URLs can be triggered.

Tim


_______________________________________________
Toolserver-l mailing list (Toolserver-l@lists.wikimedia.org)
https://lists.wikimedia.org/mailman/listinfo/toolserver-l
Posting guidelines for this list: 
https://wiki.toolserver.org/view/Mailing_list_etiquette
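
The concern raised in the reply above, as an added example that is not part of the original thread or of the XSaLT script: lxml run with its defaults lets a stylesheet's document() call read a local XML file, while an XSLTAccessControl that denies file and network access stops it. The temporary file, the stylesheet and the names is_remote_url and transform are constructed for this illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

from lxml import etree

# Constructed stand-in for an XML file that lives elsewhere on the shared host.
_tmp = tempfile.TemporaryDirectory()
PRIVATE = Path(_tmp.name) / "private.xml"
PRIVATE.write_text("<config><token>constructed-secret</token></config>")

# Constructed stylesheet: document() pulls in a second XML document by URI.
STYLESHEET = f"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <out><xsl:copy-of select="document('{PRIVATE.as_uri()}')"/></out>
  </xsl:template>
</xsl:stylesheet>"""

# No DTD loading, no entity expansion, no network fetches while parsing.
SAFE_PARSER = etree.XMLParser(resolve_entities=False, load_dtd=False, no_network=True)

# Deny the stylesheet every file and network operation during the transform.
DENY_ALL = etree.XSLTAccessControl(
    read_file=False, write_file=False, create_dir=False,
    read_network=False, write_network=False)


def is_remote_url(url):
    """Accept only http(s) URLs so the source parameter cannot name local files."""
    return urlsplit(url).scheme in ("http", "https")


def transform(xml_bytes, xslt_text, access_control=None):
    """Return the result as text, or None if libxslt refused an operation."""
    doc = etree.fromstring(xml_bytes, SAFE_PARSER)
    style = etree.fromstring(xslt_text.encode(), SAFE_PARSER)
    try:
        result = etree.XSLT(style, access_control=access_control)(doc)
    except etree.XSLTApplyError:
        return None
    return str(result)
```

Calling transform(b"<page/>", STYLESHEET) returns the private file's content inside the output; passing DENY_ALL as the third argument does not.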
