]> sipb.mit.edu Git - ikiwiki.git/blobdiff - doc/plugins/contrib/xslt/discussion.mdwn
sipb-www / ikiwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
now have fixed xslt plugin
[ikiwiki.git] / doc / plugins / contrib / xslt / discussion.mdwn
diff --git a/doc/plugins/contrib/xslt/discussion.mdwn b/doc/plugins/contrib/xslt/discussion.mdwn
index a549681de5838209ccfa23585c2d695392075d3c..9cda02f880c06ec7bd08852a2c777b1f0ec6eedd 100644 (file)
--- a/doc/plugins/contrib/xslt/discussion.mdwn
+++ b/doc/plugins/contrib/xslt/discussion.mdwn
@@ -14,3 +14,9 @@ this be used to attack the server where it is built? I know that xslt is
 really a full programming language, so I assume at least DOS attacks are
 possible. Can it also read other arbitrary files, run other programs, etc?
 --[[Joey]] 
+
+> For the first point, agreed.  It should probably check that the data file has a `.xml` extension also.  Have now fixed.
+
+> For the second point, I think the main concern would be resource usage.  XSLT is a pretty limited language; it can read other XML files, but it can't run other programs so far as I know.
+
+> -- [[KathrynAndersen]]
wiki compiler