Actions
Bug #5847
closed
Collection finders should respect allowedProtocols
Start date:
2023-01-23
Due date:
% Done:
100%
Estimated time:
Legacy ID:
Applies to branch:
11, 12, trunk
Fix Committed on Branch:
11, 12, trunk
Description
From https://saxonica.plan.io/boards/3/topics/9248
It seems that setting http://saxon.sf.net/feature/allowedProtocols to e.g. http,https in the intent to disallow access to the local file system prevents any direct access in the form of e.g. unparsed-text('file:/foo/bar/file.txt') but it looks as if (tested with Saxon HE 12 J and C) as if uri-collection('file:/?select=.') continues to work, meaning it returns the file URIs of found files.
Updated by Norm Tovey-Walsh almost 2 years ago
- Status changed from In Progress to Resolved
- Applies to branch 11, 12, trunk added
- Fix Committed on Branch 11, 12, trunk added
Resolved in Saxon 11 and 12.
Updated by O'Neil Delpratt almost 2 years ago
- % Done changed from 0 to 100
- Fixed in Maintenance Release 11.5 added
Bug fix applied in the Saxon 11.5 maintenance release.
Updated by O'Neil Delpratt almost 2 years ago
- Status changed from Resolved to Closed
- Fixed in Maintenance Release 12.1 added
Bug fix applied in the Saxon 12.1 maintenance release.
Updated by Michael Kay 6 months ago
See also bug #6450, which corrects this patch.
Please register to edit this issue
Actions
.