diff options
Diffstat (limited to 'contrib/xml2/expected/xml2.out')
| -rw-r--r-- | contrib/xml2/expected/xml2.out | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/contrib/xml2/expected/xml2.out b/contrib/xml2/expected/xml2.out index 3bf676fb400..eba6ae60364 100644 --- a/contrib/xml2/expected/xml2.out +++ b/contrib/xml2/expected/xml2.out @@ -207,3 +207,18 @@ SELECT xslt_process('<employee><name>cim</name><age>30</age><pay>400</pay></empl (1 row) +-- possible security exploit +SELECT xslt_process('<xml><foo>Hello from XML</foo></xml>', +$$<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:sax="http://icl.com/saxon" + extension-element-prefixes="sax"> + + <xsl:template match="//foo"> + <sax:output href="0wn3d.txt" method="text"> + <xsl:value-of select="'0wn3d via xml2 extension and libxslt'"/> + <xsl:apply-templates/> + </sax:output> + </xsl:template> +</xsl:stylesheet>$$); +ERROR: failed to apply stylesheet |