Am 12.09.2011 13:33, schrieb Dr. Trigon:
from lxml import etree doc = etree.parse(f) xslt_root = etree.XML( open(xslt).read() )
so why should there be a problem if the xslt would contain binary data (which in fact they would not since I have to upload them... ;)
I think he reffered to "the path of the xslt file" which should be protected against containing \0 and ither special characters.
What would be the best / most safe verification? Check for "http" in the beginning of the string?
Or prepending http:// if the input doesn't start with http://
Peter