Does XSLT work in sidebar? Any security issues?
Do we have security checks on ALL entry points into XSLT, including all functions that take DOM objects and the stylesheet PI?
Can the evaluate method be called on any document, or does same origin check apply?
There is no pref to disable XSLT on trunk.
We need extensible security policies in CAPS, which sites can connect to what, etc.
Need to test XSLT for buffer overruns.
We have had some recent security issues reported in XSLT. We should still do this audit, but the specific items mentioned here are pretty generic and will already be known to potential attackers.
Yeah, I think this bug doesn't contain any useful action items any more.