Hi List,
I'm using libxslt through cpan's xml::libxslt.
When I use the Security Framework and deny anything through something like
sub violate { return 0; };
$security->register_callback( read_file => \&violate );
$security->register_callback( write_file => \&violate );
$security->register_callback( create_dir => \&violate );
$security->register_callback( read_net => \&violate );
$security->register_callback( write_net => \&violate );
the document() function fails like expected, but xsl:include or
xsl:import can import arbitrary additional stylesheets.
Is it a documented behaviour?
I think it's a rather unexpected behaviour and could potentially lead
to a security issue.
Comments appreciated.
I'm using libxslt-1.1.9
regards
Benjamin
--
Benjamin Vetter
IT / Informatik
plainpicture GmbH & Co. KG
Eimsbütteler Chausse 23
20259 Hamburg
++49 40 80 81 288 46
_______________________________________________
xslt mailing list, project page http://xmlsoft.org/XSLT/
[email protected]
http://mail.gnome.org/mailman/listinfo/xslt
