cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hunsberger, Peter" <>
Subject RE: XSL Security question
Date Thu, 30 Jan 2003 15:48:20 GMT
> Where the files directory would contain a user's directory which user's
could upload 
> there own versions of the stylesheets, ie. skins I would want to define a
> transformer that would not affect the transformations in the rest of the
> but would limit the user to using basic xsl transformations or to limit
the user to
> his xsl file and that alone. 
> Does anyone have any ideas on how to implement this safely or is it just a
bad idea?

Hi Andrew, 

This seems like a bad idea: skins are configuration data, giving someone a
programming language to implement data doesn't make sense.  Instead let them
define an XML file with various settings that define how the skin
implemented.  Then use an XSLT to combine their configuration data with any
other default configuration data.  Since there are many people already doing
exactly this you may want to look around a little and, in particular, pay
some attention to Forrest if you haven't already done so...

To unsubscribe, e-mail:
For additional commands, email:

View raw message