Tim
10/12/2022, 7:59 PMIf the XML path contains a forward slash or backslash, it will be blocked. The flag, coldfusion.xml.allowPathCharacters, must be set to true to allow the same.What does that mean, exactly? Like,
XMLParse("a/path/to/an/xml/file.xml")
no longer works unless I set that flag? (in the JVM args? In the Application.cfc? the docs are a bit sparse here...)XMLParse("<https://an/xml/file>")
is still working.rstewart
10/12/2022, 9:40 PMTim
10/12/2022, 9:45 PMrstewart
10/12/2022, 10:10 PMmtbrown
10/13/2022, 6:19 AMxmlSearch
, but still not clear on what is disallowed since slashes are going to be extremely common for that.Tim
10/13/2022, 1:35 PMMark Takata (Adobe)
10/13/2022, 6:01 PMBrian Reilly
10/13/2022, 7:05 PMExpression Unable to process the XML string as it could probably contain file paths.
for an XSLT style sheet passed to XMLTransform() contains slashes or backslashes. But it also appears to trigger on <\xsl:stylesheet>
, which I don't think is rightpriyank_adobe
10/13/2022, 7:08 PMTim
10/13/2022, 7:16 PM</xsl:stylesheet>
? The backslash there seems wrong.Brian Reilly
10/13/2022, 7:20 PM</xsl:stylesheet>
and <xsl:stylesheet version="1.0" xmlns:xsl="<http://www.w3.org/1999/XSL/Transform>">
</xsl:stylesheet>
behaves the same way -- it will return the "Expression Unable to process the XML string as it could probably contain file paths." errorTim
10/13/2022, 8:13 PM/
in a transform... embedded XPath selectors.
So really, XmlTransform
is now useless, unless you enable that flag. because the xsl parameter of that function is not allowed to have / in it. But it takes an XML string which is required to have / in it...