cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donald Ball <ba...@webslingerZ.com>
Subject Re: HTML form submission to servlets, with cocoon
Date Sun, 19 Nov 2000 21:04:58 GMT
On Sun, 19 Nov 2000, Mala Ramakrishnan wrote:

> Hi,
> 
> I can't find an answer to this in the archives, please respond if you
> know how I can do this:
> 
> I have a functional URLProducer that I use whenever I need to redirect a
> servlet's response to cocoon. I now have a form that I use to submit
> certain parameters to a servlet, the servlet in turn returns an xml file
> which I need to format using xsl by directing it to cocoon. Here's what
> I used, it doesn't work:
> 
> In the "action" attribute of the form I passed
> action="http://kojak.speedtrak.com:8080/dummy.xml?producer=URLProducer&xmlSource=http://kojak.speedtrak.com:8900/servlet/routerservlet"

this is so dangerous, it's not even funny. if the XML produced from a
hostile external URL contains an xsp processing instruction, users of your
system can execute arbitrary java code on your system.

have cocoon call your code instead.

- donald


Mime
View raw message