[tdwg-tapir] xslt stylesheets
Markus Döring
m.doering at bgbm.org
Tue Feb 20 13:12:31 CET 2007
Hi,
we had a discussion at the developer meeting last week about security
issues when allowing arbitrary xslts to be included in TAPIR responses.
This allows people to transmit illegal content from your service
domain. When playing with Firefox I found they dont even allow to
apply stylesheets that come from a different domain as the XML
containing the PI:
http://developer.mozilla.org/en/docs/
XSL_Transformations_in_Mozilla_FAQ#Why_isn.27t_my_stylesheet_applied.3F
This is very inconvenient, but I guess TAPIR services could behave
the same way. Apply stylesheets only if they are coming from the same
domain.
Have a nice week everyone,
Markus
More information about the tdwg-tag
mailing list