Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Block additional XPath calls in attribute map

Description

Full details can be found here : https://github.com/rackerlabs/attributeMapping/issues/38
https://github.com/rackerlabs/attributeMapping/pull/39

This feature will add more blacklisted functions in the path so that they cannot be accessed from external resources. Specifically, Saxon is not blocking unparsed-text and unparsed-text-available. It has to do with XPath 2.0 features and which functions are allowed in the path.

Acceptance Criteria:

  • block access to unparsed-text, unparsed-tet-available

Environment

None
100% Done
Loading...

is required by

Activity

Damien Johnson August 10, 2017 at 5:39 PM

Since we may be moving to a newer version of Saxon soon, and thus, may provide support for XPath 3.0 functions, we should also blacklist any functions from XPath 3.0 that provide access to external resources.

I believe those functions are enumerated here:
https://www.w3.org/TR/xpath-functions-30/\#fns-on-docs

Done
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Capitalizable

True

Story Points

Time remaining

0h

Sprint

Fix versions

Priority

Parent

Created August 8, 2017 at 6:53 PM
Updated August 15, 2017 at 9:05 PM
Resolved August 15, 2017 at 9:05 PM