[Pkg-zope-developers] Possible security issue in zope-zms: Can users specify their own xsl for import/export filtering
Stefan Fritsch
sf at sfritsch.de
Fri Dec 2 17:02:00 UTC 2005
Hi,
libsaxon allows executing arbitrary Java methods from XSLTs and
zope-zms uses libsaxon for import/export. If zope-zms allows users to
configure filters with their own XSLTs, this is obviously a security
issue. Can you tell me whether ZMS allows this?
Thanks.
Cheers,
Stefan