I just found out in comp.text.xml that xalan has a Redirect-extension. (thread "1 input -> 3 outputs")
I'm writing a "cgi-frontend" that allows users to submit forms / files, transforms the cgi-form variables to xml and lets users specify a stylesheet to apply to that xml-file. I'd like to be sure that calling testxslt -in xml_genatered_from_cgi-input -out somethingthatIallow.htm -xsl anyfileanywhere.xsl would only be able to write to the file I have allowed. Are there other things besides Redirect that may be problematic in in cgi-settings in xalan and should be disabled for some applications? I think there could be also others that would like a "secure mode" for xalan. I use the C-version, and do not have a c-compiler. -Timo
