Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow stylesheets to read and write files in the site directory #1951

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

allow stylesheets to read and write files in the site directory #1951

wants to merge 1 commit into from

Conversation

xworld21
Copy link
Contributor

@xworld21 xworld21 commented Aug 31, 2022
edited
Loading

Small functionality & security improvement, while working on #1948: stylesheets can read (via document()) and write (via <exsl:document>) files. This PR ensures that read/write operations happen in the site directory.

For security, operations are also restricted to the site directory, and network access is disabled.

Edit: this fixes #2053 in so far as letting exsl:document() write files in the correct place. My sandbox question in #2053 should rather be part of #2218.

@xworld21 xworld21 mentioned this pull request Aug 31, 2022
Open
xworld21
xworld21 commented Sep 3, 2022
View reviewed changes
lib/LaTeXML/Post/XSLT.pm Outdated Show resolved Hide resolved
lib/LaTeXML/Post/XSLT.pm Outdated Show resolved Hide resolved
lib/LaTeXML/Post/XSLT.pm Outdated Show resolved Hide resolved
xworld21
xworld21 commented Oct 10, 2022
View reviewed changes
lib/LaTeXML/Post/XSLT.pm Outdated Show resolved Hide resolved
@xworld21 xworld21 force-pushed the exsl-document-site-directory branch from 2b54ca2 to f7d837e Compare March 4, 2023 16:57
This was referenced Mar 4, 2023
Open
Open
@xworld21 xworld21 mentioned this pull request Apr 2, 2023
Open
@xworld21 xworld21 force-pushed the exsl-document-site-directory branch from f7d837e to ddc4d46 Compare January 7, 2024 13:59
@xworld21
Copy link
Contributor Author

xworld21 commented Jan 7, 2024

I have removed the libxslt security callback stuff, and kept this PR at a minimum: the point is, XSLT.pm is supposed to run in the site directory, because stylesheets can create additional files via exsl:document() (that could be very convenient to generate additional manifests, search indexes, custom EPUB tocs, etc). Simply changing directory is not controversial, I hope.

The security callbacks will reappear in the --recorder PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sandbox document() and <exsl:document>
1 participant
@xworld21