XSLT Security (Windows CE 5.0)
Extensible Stylesheet Language Transformation (XSLT) has the following potential security risks:
- XSLT is designed to run over a public network, such as the Internet. If the security of the XSLT is compromised, it could expose the Windows CE-based device or local network to the public network.
- XSLT supports third party extensions. If these extensions do not use proper security and authentication procedures, they could compromise the security of the Windows CE-based device or local network.
- If XSLT is used with Internet Explorer and proper security and authentication procedures are not used, XSLT could compromise the security of the Windows CE-based device or local network.
Best Practices
For server-side implementations, do not accept XSLT from untrusted sources
For security considerations, XSLT should be treated as code. XSLT files contain instructions that are interpreted by the XML parser. A malicious user can cause an arbitrary XSLT transformation to be performed and this could execute an infinite loop and exhaust system resources.
Default Registry Settings
There are no registry settings affecting XSLT Security. For XSLT registry information, see XSLT Registry Settings.
See Also
XML Core Services and Document Object Model | XML Overview
Send Feedback on this topic to the authors