Hi Noah, Noah Slater wrote:
I guess you're referring to the security framework in libxslt: http://xmlsoft.org/XSLT/html/libxslt-security.html
Looks like that could be the thing, though I wouldn't know for sure as am not familiar with the underlying API to libxslt.
I do not know what exactly it is meant to do, though. How can you create files in the current XSLT implementation?
I think it may be an extension to XSLT that libxslt implements. I use this when I am chunking my DocBook documents. See:
http://www.sagehill.net/docbookxsl/Chunking.html
The DocBook stylesheets generate multiple files and will create them (and the dirs) if necessary.
I looked through that a bit. It seems to use EXSLT:document() and these things, but I wonder why that works in 0.9.2 (which I assume you tested it with?). Anyway, this is pretty much untested functionality and not currently expected to work in any sensible way.
My application accepts arbitrary XSLT files from users to transform content.
We already had a discussion recently about this-not-being-a-good-idea as you cannot easily prevent the stylesheet from eating up your CPU cycles. XSLT is turing-complete, so you can use it to find prime-factors, search for ET (no pun intended), etc., even if you manage to keep it from filling up your hard disk or reading your password files.
While my application does not chunk output in the manner described above I have tested it with a stylesheet that chunks output and the lxml binding do in fact create the files as I would expect with the libxslt bindings. They do not however create directories, which is inconsistent with the standard API.
Not really inconsistent, as this is an API of xsltproc, not libxslt. It rather should not do that at all...
Either way I would like to be able to disable this as it opens up the possibility for users to write arbitrary files to the file system.
I gave it a try and implemented a new API for that. Look at the bottom of http://codespeak.net/svn/lxml/branch/xslt-access-control/doc/resolvers.txt to see how to use it. Note that the second part (everything below "BROKEN FROM HERE") does not currently work, likely due to problems with libxslt. If I can't get that working, it will be removed. Stefan