[tdwg-tapir] xslt stylesheets
20 Feb
2007
20 Feb
'07
12:12
Hi, we had a discussion at the developer meeting last week about security issues when allowing arbitrary xslts to be included in TAPIR responses. This allows people to transmit illegal content from your service domain. When playing with Firefox I found they dont even allow to apply stylesheets that come from a different domain as the XML containing the PI:
http://developer.mozilla.org/en/docs/ XSL_Transformations_in_Mozilla_FAQ#Why_isn.27t_my_stylesheet_applied.3F
This is very inconvenient, but I guess TAPIR services could behave the same way. Apply stylesheets only if they are coming from the same domain.
Have a nice week everyone, Markus
6514
Age (days ago)
6514
Last active (days ago)
0 comments
1 participants
participants (1)
-
Markus Döring