Xalan, at least, allows access to the Bean Scripting Framework as well => access any class.
> From: Andrew Timberlake [mailto:[EMAIL PROTECTED]]
>
> I don't know all the capabilities of XSL and would like to
> know if there is a security risk in allowing users to upload
> any XSL files to be used in a 'skins' type of application? My
> one concern would be using the document('') methods to load
> and display other files from the system? If this is not a
> good idea, can we sandbox an xsl transformer somehow? Any
> thoughts are most welcome.
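
One way to restrict a JAXP transformer for the two concerns raised in this thread (extension access to arbitrary classes, and document() reading other files), as an added example that is not part of the original messages. The class name, method names and sample skin are hypothetical, and it assumes a processor that honours the JAXP secure-processing feature (Xalan-J 2.7 or later, or the JDK's built-in processor).

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class RestrictedSkinTransformer {
    // Refuse every URI a stylesheet asks for (xsl:import, xsl:include, document()).
    // It must throw: returning null tells the processor to resolve the URI itself.
    private static final URIResolver DENY_ALL = (href, base) -> {
        throw new TransformerException("external resource refused: " + href);
    };

    static TransformerFactory newRestrictedFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        // Assumption: the processor disables extension functions/elements in this mode.
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // JAXP 1.5 properties; an empty value means "no protocol allowed".
        for (String attr : new String[] {
                XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_STYLESHEET}) {
            try {
                tf.setAttribute(attr, "");
            } catch (IllegalArgumentException e) {
                // Older processors reject these attributes; DENY_ALL still applies.
            }
        }
        tf.setURIResolver(DENY_ALL); // consulted while compiling the stylesheet
        return tf;
    }

    static String applySkin(String skinXsl, String inputXml) throws TransformerException {
        Transformer t = newRestrictedFactory()
                .newTransformer(new StreamSource(new StringReader(skinXsl)));
        t.setURIResolver(DENY_ALL); // consulted for document() at run time
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(inputXml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample skin that asks for another document via document().
        String skin = "<xsl:stylesheet version='1.0' "
                + "xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
                + "<xsl:template match='/'><xsl:copy-of select=\"document('other.xml')\"/>"
                + "</xsl:template></xsl:stylesheet>";
        try {
            System.out.println(applySkin(skin, "<page/>"));
        } catch (TransformerException e) {
            System.out.println("skin rejected: " + e.getMessage());
        }
    }
}
```

Running the transformation in a separate process with no filesystem or network rights adds a second layer if the processor's own restrictions are bypassed.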