sandbox document() and <exsl:document> #2053

xworld21 · 2023-03-04T17:06:19Z

This is just attaching an issue to #1951. A user can call <exsl:document> and document() in a stylesheet, which raises two issues:

document() can read from anywhere (even the network); postprocessing can be made safe against malicious input, since it does not allow arbitrary code execution, so it makes sense to sandbox document();
<exsl:document> can generate text, HTML, XML files, but it will do so relative to the current working folder rather than the destination directory (which would enable postprocessing to generate customizable XML manifests for instance).

#1951 addresses both.

Edit: changed title to emphasise the underlying security issue.

The text was updated successfully, but these errors were encountered:

dginev added this to the LaTeXML-0.8.8 milestone Mar 4, 2023

dginev added enhancement postprocessing labels Mar 4, 2023

xworld21 changed the title ~~control document() and <exsl:document>~~ sandbox document() and <exsl:document> Jul 30, 2023

xworld21 mentioned this issue Sep 26, 2023

restrict operations according to shell-escape, openin_any, openout_any #2218

Open

xworld21 linked a pull request Jan 7, 2024 that will close this issue

allow stylesheets to read and write files in the site directory #1951

Open

dginev modified the milestones: LaTeXML-0.8.8, LaTeXML-0.9 Jan 28, 2024

Provide feedback