This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 30027 - MIME type appendix update
Summary: MIME type appendix update
Status: RESOLVED FIXED
Alias: None
Product: XPath / XQuery / XSLT
Classification: Unclassified
Component: XQuery 3.1
Version: Member-only Editors Drafts
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Jonathan Robie
QA Contact: Mailing list for public feedback on specs from XSL and XML Query WGs
Reported: 2016-12-01 14:18 UTC by Liam R E Quin
Modified: 2016-12-01 14:49 UTC

Description Liam R E Quin 2016-12-01 14:18:17 UTC
I suggest adding in G.6 Security Considerations 

At the end of the first paragraph (Queries written in XQuery may cause arbitrary...) add,

[[
The XPath 3.1 fn:transform() function allows calls to URI-identified XSLT transformations which may in turn call external system functions and access or write to the file system. The fn:transform() function should be sandboxed or disabled if untrusted queries are run.
]]

The appendix already mentions fn:put() so no change needed there.
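
A conservative pre-execution screen for the situation the proposed text describes, as an added example that is not part of the original bug report or the specification: it rejects any untrusted query whose text contains a call or function reference to `transform` or `put`. Blocking `function-lookup` as well is an assumption added here, since it can obtain either function by name; matching is textual and ignores prefixes, so false positives are expected, and the sample queries are constructed.

```python
import re

# Local names to reject. fn:transform and fn:put come from the bug report;
# fn:function-lookup is an added assumption: it can return either one by name.
BLOCKED = ("transform", "put", "function-lookup")

# A blocked local name followed by "(" (a call, or an XQuery comment placed
# before the argument list) or "#" (a named function reference).
# The prefix is ignored on purpose: any prefix, the Q{uri} form, or the
# default function namespace may resolve to the fn namespace.
_CALL = re.compile(r"(?<!\w)(" + "|".join(map(re.escape, BLOCKED)) + r")\s*[(#]")


def find_blocked_calls(query: str) -> list[tuple[int, str]]:
    """Return (line_number, local_name) for every suspicious occurrence."""
    hits = []
    for m in _CALL.finditer(query):
        line = query.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1)))
    return hits


def is_admissible(query: str) -> bool:
    """True only if the query text contains none of the blocked names in call position."""
    return not find_blocked_calls(query)


# Constructed sample queries (not taken from the bug report).
SAMPLES = {
    "plain": "for $b in //book return $b/title",
    "direct": 'fn:transform(map { "stylesheet-location": "http://example.invalid/s.xsl" })',
    "commented": "transform (: note :) (map { })",
    "reference": "let $f := Q{http://www.w3.org/2005/xpath-functions}transform#1\nreturn $f(map { })",
    "lookup": 'fn:function-lookup(xs:QName("fn:put"), 2)',
    "unary": "-transform(map { })",
    "lookalike": "local:output($x)",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        verdict = "admit" if is_admissible(text) else "reject"
        print(f"{name:10s} {verdict:6s} {find_blocked_calls(text)}")
```

A screen like this only decides whether a query is handed to the processor at all; it does not replace disabling or sandboxing the function in the processor itself.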