Hi, Rob.
Robert Koberg <[EMAIL PROTECTED]> wrote on 2004-12-07 05:45:31 PM:
> Speaking of security holes, has anything been done (or is planned to be)
> about the ability to turn off extensions (mainly xalan:redirect)? I
> cannot use Xalan in my server environment as I have to run untrusted
> stylesheets.
JAXP 1.3 defines a new feature that you can set on an instance of TransformerFactory, javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING. When we add support for JAXP 1.3, that feature should control whether extensions are supported.
Thanks,
Henry
------------------------------------------------------------------
Henry Zongaro Xalan development
IBM SWS Toronto Lab T/L 969-6044; Phone +1 905 413-6044
mailto:[EMAIL PROTECTED]
- Please be aware of the changes to some static variables i... Christine Li
- Re: Please be aware of the changes to some static va... Robert Koberg
- Re: Please be aware of the changes to some stati... Brian Minchau
- Re: Please be aware of the changes to some stati... Henry Zongaro
- Re: Please be aware of the changes to some s... Robert Koberg
- Re: Please be aware of the changes to some static va... Joseph Kesselman
