by linschn
2929 days ago
If you evaluate it in an environment where only the functions you choose are defined, the security risk is nil. Validating a document is a complex, domain-dependent problem. It is far easier to create a secure Domain-Specific Language to handle this than to end up with an accidentally Turing complete abomination like XSLT: http://www.unidex.com/turing/utm.htm

Oh. So all you have to do is write perfectly secure code and run it in a perfectly secure environment, and nothing bad can possibly happen.
Well shit, why didn't anyone else ever think of that?