You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "David Eric Pugh (Jira)" <ji...@apache.org> on 2021/02/05 22:09:00 UTC
[jira] [Commented] (SOLR-15121) Move XSLT (tr param) to scripting
contrib
[ https://issues.apache.org/jira/browse/SOLR-15121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17280014#comment-17280014 ]
David Eric Pugh commented on SOLR-15121:
----------------------------------------
First cut is DONE! The one thing I am not happy with is that I split the old {{XMLLoader}} class up, and moved the handling of the {{tr}} parameter to a new loader called {{XSLTLoader}} who lives in the scripting contrib module. I put in a somewhat ridgid appraoch to pick between them, basically if you HAVE the scripting contrib jar in your path, then we load the {{XSLTLoader}} instead of the {{XMLLoader}}. [https://github.com/apache/lucene-solr/pull/2306/files#diff-6a89004cd0522f74f0a7ce0c07494ed208afaa20bde7ea4cb011a12b28014d42R148]
I thought about trying to make the {{UpdateRequestHandler}} list of content loaders properly pluggable, but worried that would expand the reach of this PR. [~dsmiley]
> Move XSLT (tr param) to scripting contrib
> -----------------------------------------
>
> Key: SOLR-15121
> URL: https://issues.apache.org/jira/browse/SOLR-15121
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: David Smiley
> Assignee: David Eric Pugh
> Priority: Blocker
> Fix For: master (9.0)
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The XSLT functionality, present in both XML /update loading, and also in the response writer, ought to move to the "scripting" contrib module because XSLT is a type of scripting. XSLT is risky from a security standpoint, and so should not be in solr-core.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org