Partager via


XSLT Security (Windows CE 5.0)

Send Feedback

Extensible Stylesheet Language Transformation (XSLT) has the following potential security risks:

  • XSLT is designed to run over a public network, such as the Internet. If the security of the XSLT is compromised, it could expose the Windows CE-based device or local network to the public network.
  • XSLT supports third party extensions. If these extensions do not use proper security and authentication procedures, they could compromise the security of the Windows CE-based device or local network.
  • If XSLT is used with Internet Explorer and proper security and authentication procedures are not used, XSLT could compromise the security of the Windows CE-based device or local network.

Best Practices

For server-side implementations, do not accept XSLT from untrusted sources

For security considerations, XSLT should be treated as code. XSLT files contain instructions that are interpreted by the XML parser. A malicious user can cause an arbitrary XSLT transformation to be performed and this could execute an infinite loop and exhaust system resources.

Default Registry Settings

There are no registry settings affecting XSLT Security. For XSLT registry information, see XSLT Registry Settings.

See Also

XML Core Services and Document Object Model | XML Overview

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.