Closed
Bug 194438
Opened 22 years ago
Closed 12 years ago
XSLT Security Review Action Items
Categories
(Core :: XSLT, defect)
RESOLVED
WORKSFORME
People
(Reporter: hjtoi-bugzilla, Assigned: peterv)
References
Details
(Whiteboard: [sg:audit])
Does XSLT work in sidebar? Any security issues?
Do we have security checks on ALL entry points into XSLT, including all functions that take DOM objects and the stylesheet PI?
Can the evaluate method be called on any document, or does same origin check apply?
There is no pref to disable XSLT on trunk.
We need extensible security policies in CAPS, which sites can connect to what etc.
Need to test XSLT for buffer overruns.
Updated•21 years ago
Whiteboard: [sg:investigation]
Comment 1•12 years ago
We have had some recent security issues reported in XSLT. We should still do this audit, but the specific items mentioned here are pretty generic and will already be known to potential attackers.
Group: core-security
Whiteboard: [sg:investigation] → [sg:audit]
Yeah, I think this bug doesn't contain any useful action items any more.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME