reply to comment

author http://kerravonsen.dreamwidth.org/ <http://kerravonsen.dreamwidth.org/@web>

Tue, 1 Dec 2009 23:30:25 +0000 (18:30 -0500)

committer Joey Hess <joey@kitenet.net>

Tue, 1 Dec 2009 23:30:25 +0000 (18:30 -0500)
author http://kerravonsen.dreamwidth.org/ <http://kerravonsen.dreamwidth.org/@web>
Tue, 1 Dec 2009 23:30:25 +0000 (18:30 -0500)
committer Joey Hess <joey@kitenet.net>
Tue, 1 Dec 2009 23:30:25 +0000 (18:30 -0500)
diff --git a/doc/plugins/contrib/xslt/discussion.mdwn b/doc/plugins/contrib/xslt/discussion.mdwn

index a549681de5838209ccfa23585c2d695392075d3c..3288150a4a52547c244c8a682b487c441b0cd56c 100644 (file)
--- a/doc/plugins/contrib/xslt/discussion.mdwn
+++ b/doc/plugins/contrib/xslt/discussion.mdwn
@@ -14,3 +14,9 @@ this be used to attack the server where it is built? I know that xslt is
  really a full programming language, so I assume at least DOS attacks are
  possible. Can it also read other arbitrary files, run other programs, etc?
  --[[Joey]] 
+
+> For the first point, agreed.  It should probably check that the data file has a `.xml` extension also.  Will fix soon.
+
+> For the second point, I think the main concern would be resource usage.  XSLT is a pretty limited language; it can read other XML files, but it can't run other programs so far as I know.
+
+> -- [[KathrynAndersen]]
author	http://kerravonsen.dreamwidth.org/ <http://kerravonsen.dreamwidth.org/@web>
	Tue, 1 Dec 2009 23:30:25 +0000 (18:30 -0500)
committer	Joey Hess <joey@kitenet.net>
	Tue, 1 Dec 2009 23:30:25 +0000 (18:30 -0500)