[Pkg-zope-developers] Re: Possible security issue in zope-zms: Can users specify their own xsl for import/export filtering
Andreas Tille
tillea at rki.de
Sat Dec 3 18:55:44 UTC 2005
On Fri, 2 Dec 2005, Stefan Fritsch wrote:
> libsaxon allows to execute arbitrary java methods from XSLTs and
> zope-zms uses libsaxon for import/export. If zope-zms allows users to
> configure filters with their own XSLTs this is obviously a security
> issue. Can you tell me whether ZMS allows this?
This is an interesting question. Because I'm not competent to answer
this question I just forward it to the ZMS developer mailing list.
Kind regards
Andreas.
--
http://fam-tille.de