[Pkg-zope-developers] Possible security issue in zope-zms: Can users specify their own xsl for import/export filtering

Stefan Fritsch sf at sfritsch.de
Fri Dec 2 17:02:00 UTC 2005


Hi,

libsaxon allows executing arbitrary Java methods from XSLTs, and 
zope-zms uses libsaxon for import/export. If zope-zms allows users to 
configure filters with their own XSLTs, this is obviously a security 
issue. Can you tell me whether ZMS allows this?

Thanks.

Cheers,
Stefan