xslt 0wnz

David Pawson: XSLT Questions and Answers
Quite possibly the best XSL resource bar none. Ready-made recipes for tasty XML snacking.
2022-11-02: With 2 decades of hindsight, what a disaster XML technologies have been. Here’s a funny example where XSLT ownz literally.

I discovered a surprising attack surface hidden deep inside Java’s standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard.
