p0w3n3d 21 hours ago
what exactly is the security concern with xslt?

TingPing 20 hours ago
It parses untrusted input, the library is basically unmaintained, it’s not often audited but anytime someone looks they find a CVE.

JimDabell 20 hours ago
This is answered in the article.

jeffbee 20 hours ago
XSLT the idea contains few (but not zero) unavoidable security flaws. libxslt the library is a barely-maintained dumpster fire of bad practices.