How can I make XSLT work in chrome?

by

The other answer below by Eric is wrong. The namespace declaration he mentioned had nothing to do with the problem.

The real reason it doesn’t work is due to security concerns (cf. issue 4197, issue 111905).

Imagine this scenario:

  1. You receive an email message from an attacker containing a web page as an attachment, which you download.

  2. You open the now-local web page in your browser.

  3. The local web page creates an <iframe> whose source is https://mail.google.com/mail/.

  4. Because you are logged in to Gmail, the frame loads the messages in your inbox.

  5. The local web page reads the contents of the frame by using JavaScript to access frames[0].document.documentElement.innerHTML. (An online web page would not be able to perform this step because it would come from a non-Gmail origin; the same-origin policy would cause the read to fail.)

  6. The local web page places the contents of your inbox into a <textarea> and submits the data via a form POST to the attacker’s web server. Now the attacker has your inbox, which may be useful for spamming or identify theft.

Chrome foils the above scenario by putting restrictions on local files opened using Chrome. To overcome these restrictions, we’ve got two solutions:

  1. Try running Chrome with the --allow-file-access-from-files flag. I’ve not tested this myself, but if it works, your system will now also be vulnerable to scenarios of the kind mentioned above.

  2. Upload it to a host, and problem solved.

More Related Contents:

  1. Display an XML attribute value only on the first encounter with XSL
  2. Database to PDF [closed]
  3. How can I check which XSLT processor is being used in Solr?
  4. XSLT 3-level grouping on attributes
  5. What are the differences between ‘call-template’ and ‘apply-templates’ in XSL?
  6. How to use XSLT to create distinct values
  7. xslt 1.0 string replace function
  8. Can an XSLT insert the current date?
  9. Where can I find a good tutorial on XSLT files? [closed]
  10. Using an HTML entity in XSLT (e.g.  )
  11. XSLT: How to change an attribute value during ?
  12. How to convert json to xml using xslt
  13. XSLT concat string, remove last comma
  14. Replace special characters in XSLT
  15. XSLT generate UUID
  16. how to escape single quote in xslt substring function
  17. Please suggest for XSLT code for Table rowspan and colspan issues
  18. XPath find if node exists
  19. Multiply 2 numbers and then sum
  20. dynamic xpath in xslt?
  21. XSLT getting last element
  22. Adding element in middle of xml using xslt
  23. Create node set and pass as a parameter
  24. How to use starts-with() , contains() and ends-with() in XPath to find the xml node innertext? in XPATH 1.0
  25. Chrome and Safari XSLT using JavaScript
  26. How to concat a string to xsl:value-of select=”…?
  27. Inserting a line break in a PDF generated from XSL FO using
  28. How-to break a for-each loop in XSLT?
  29. adding attribute to the node
  30. Update the text of an element with XSLT based on param

Leave a Comment