DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28160>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28160 need a property to disable all(?) extensions ------- Additional Comments From [EMAIL PROTECTED] 2004-04-20 14:20 ------- Rob, if I had a company with a single server that hosted hundreds of sites how would this work? I would want to give each company the option to disable extensions. Would a feature on the TransformerFactory suffice? Also you specifically mention that it is important to disable redirect. Why this one specifically? I'm trying to understand how disabling this will help in the long run given that the XSLT 2.0 draft has the new xsl:result-tree element which has an href attribute to create multiple result documents, and this is much like the Xalan extension element. Is it because the xalan:redirect would allow the web server to write to the file system when running requests from a client? Is there a security problem here? Presumably not just anyone can install resources (Java code, XML, XSL ...) on a webserver. Yes one could install a stylesheet that writes to the file system with xalan:redirect, or user extensions that do malicious things, but you could do that in the Java code that creates the TransformerFactory too. Regards, Brian Minchau --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
