summaryrefslogtreecommitdiff
path: root/doc/plugins
diff options
context:
space:
mode:
authorhttp://kerravonsen.dreamwidth.org/ <http://kerravonsen.dreamwidth.org/@web>2009-12-01 18:30:25 -0500
committerJoey Hess <joey@kitenet.net>2009-12-01 18:30:25 -0500
commit3ca05b15d6c47446e89128b405b9ffce8a418a3c (patch)
treee38e49147f458fbb20978fccc6ea8fb389d83909 /doc/plugins
parentdb746519ebca6495342d836a77c0664977ee0d99 (diff)
reply to comment
Diffstat (limited to 'doc/plugins')
-rw-r--r--doc/plugins/contrib/xslt/discussion.mdwn6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/plugins/contrib/xslt/discussion.mdwn b/doc/plugins/contrib/xslt/discussion.mdwn
index a549681de..3288150a4 100644
--- a/doc/plugins/contrib/xslt/discussion.mdwn
+++ b/doc/plugins/contrib/xslt/discussion.mdwn
@@ -14,3 +14,9 @@ this be used to attack the server where it is built? I know that xslt is
really a full programming language, so I assume at least DOS attacks are
possible. Can it also read other arbitrary files, run other programs, etc?
--[[Joey]]
+
+> For the first point, agreed. It should probably check that the data file has a `.xml` extension also. Will fix soon.
+
+> For the second point, I think the main concern would be resource usage. XSLT is a pretty limited language; it can read other XML files, but it can't run other programs so far as I know.
+
+> -- [[KathrynAndersen]]