Bug #5847: Collection finders should respect allowedProtocols - Saxon - Saxonica Developer Community

Actions

Send by e-mail Copy link

Bug #5847

closed

Collection finders should respect allowedProtocols

Added by Norm Tovey-Walsh over 1 year ago. Updated 4 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Norm Tovey-Walsh

Category:

Sprint/Milestone:

Start date:

2023-01-23

Due date:

% Done:

100%

Estimated time:

Legacy ID:

Applies to branch:

11, 12, trunk

Fix Committed on Branch:

11, 12, trunk

Fixed in Maintenance Release:

11.5, 12.1

Platforms:

Description

From https://saxonica.plan.io/boards/3/topics/9248

It seems that setting http://saxon.sf.net/feature/allowedProtocols to e.g. http,https in the intent to disallow access to the local file system prevents any direct access in the form of e.g. unparsed-text('file:/foo/bar/file.txt') but it looks as if (tested with Saxon HE 12 J and C) as if uri-collection('file:/?select=.') continues to work, meaning it returns the file URIs of found files.

Please register to edit this issue

Actions

Send by e-mail Copy link

Also available in: Atom PDF

Project

Profile

Help

Saxon

Bug #5847

Collection finders should respect allowedProtocols

Updated by Norm Tovey-Walsh over 1 year ago

Updated by O'Neil Delpratt over 1 year ago

Updated by O'Neil Delpratt over 1 year ago

Updated by Michael Kay 4 months ago