Johan Zxcer wrote:
I disagree that Xalan by definition is doing something that should have to be
treated specially versus all the other packages I must trust in order to
build a service.
How about just pre-parsing the stylesheet yourself and reporting an error if the stylesheet contains any extension functions other than the ones you allow?

If you really want to get fancy, you could extend Xalan-J's XPath parsing code to do this. Otherwise, you can simply look for namespace bindings that shouldn't be there, since the only way to call an extension function is through a namespace.

If you can use C++ instead of Java, you can use Xalan-C, which only allows user-provided extension functions, making it impossible for users to call arbitrary code.

Dave
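An added example of the namespace-binding check Dave describes, written here as a stand-alone illustration rather than code from the thread or from the Xalan project. It walks the stylesheet once with Python's xml.etree, rejects any xmlns declaration whose URI is not on an allowlist (wherever in the tree the declaration sits), and also flags xsl:import / xsl:include, since those would pull in a second stylesheet the check never saw. The allowlist entry urn:example:orders and the two sample stylesheets are constructed for the example; the Xalan-J Java extension namespace http://xml.apache.org/xalan/java is the documented one.

```python
import io
import xml.etree.ElementTree as ET

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"

# Namespaces a stylesheet may bind. Everything else is rejected, which blocks
# Xalan-J's Java extension namespace (http://xml.apache.org/xalan/java) and
# any xalan://some.Class binding, because an extension function can only be
# invoked through a prefix bound to such a namespace.
# urn:example:orders is an assumption standing in for the service's own namespace.
ALLOWED_NAMESPACES = frozenset({
    XSLT_NS,
    "http://www.w3.org/1999/xhtml",
    "urn:example:orders",
})


def audit_stylesheet(stylesheet_bytes, allowed=ALLOWED_NAMESPACES):
    """Return a list of problems found; an empty list means the stylesheet is accepted.

    "start-ns" fires for every xmlns declaration, including ones on nested
    literal result elements, so a binding cannot hide deep in the tree.
    xml.etree does not fetch external entities or DTDs by default, so the
    pre-parse itself does not open a new attack surface.
    """
    problems = []
    events = ET.iterparse(io.BytesIO(stylesheet_bytes), events=("start-ns", "start"))
    for event, value in events:
        if event == "start-ns":
            prefix, uri = value
            if uri not in allowed:
                problems.append(f"namespace binding not allowed: xmlns:{prefix}={uri!r}")
        elif value.tag in (f"{{{XSLT_NS}}}import", f"{{{XSLT_NS}}}include"):
            local = value.tag.rsplit("}", 1)[1]
            problems.append(
                f"xsl:{local} href={value.get('href')!r} would load an unaudited stylesheet"
            )
    return problems


# Constructed sample: binds only XSLT and the service's own namespace.
SAFE_STYLESHEET = b"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:o="urn:example:orders">
  <xsl:template match="/o:orders">
    <total><xsl:value-of select="sum(o:order/@amount)"/></total>
  </xsl:template>
</xsl:stylesheet>
"""

# Constructed sample: pulls in another stylesheet and binds the Java extension
# namespace on an inner element, where a root-only check would miss it.
HOSTILE_STYLESHEET = b"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:include href="helpers.xsl"/>
  <xsl:template match="/">
    <out xmlns:rt="http://xml.apache.org/xalan/java">
      <xsl:value-of select="rt:java.lang.System.getProperty('user.home')"/>
    </out>
  </xsl:template>
</xsl:stylesheet>
"""

if __name__ == "__main__":
    for name, doc in (("safe", SAFE_STYLESHEET), ("hostile", HOSTILE_STYLESHEET)):
        found = audit_stylesheet(doc)
        print(name, "-> accepted" if not found else "-> rejected")
        for p in found:
            print("   ", p)
```

Run the audit on exactly the bytes that will be handed to Xalan, not on a re-serialised copy, so that the parser doing the check and the parser doing the transform see the same declarations.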
