(anonymous) wrote:
To close the topic [1] I finally decided to follow the
hints given by
Maciej Jaros and Merlissimo and created (since it seams nobody did this
already - please correct me, if I am wrong)
"XSaLT: XSL/XSLT Simple and Lightweight
Tool" [2]
Which is a very, very, very simple python cgi script
that takes an url
(pointing to any XML source document) and an XSLT stylesheet. Both are
passed to lxml to transform the XML to a destination document. Any XSLT
stylesheet you might need can be added if you send me a mail.
[...]
Please consider that very, very, very simple scripts typi-
cally have very, very, very bad security protections :-). In
this case, all files on the toolserver can be checked for
existence, if they are XML files and the attacker can depos-
it an XSLT file somewhere on the toolserver they can be read
and accesses to external URLs can be triggered.
Tim