[lxml-dev] Preventing XPath injection
Alex Klizhentas
klizhentas at gmail.com
Sat Sep 6 14:18:42 CEST 2008
Hi All, I'm facing the following issue:
xslt transformations accept xpath expressions as parameters, and if you
write something like:
transform(a,param = " ' ' ' ") - xpath evaluation will fail. Is there any
common/standard way to prevent that?
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://codespeak.net/pipermail/lxml-dev/attachments/20080906/24b89275/attachment.htm
More information about the lxml-dev
mailing list