We have the following code in one project as a part of generating a simple Excel file from a template:
StreamReader reader = new StreamReader(DeploymentFolder + "bin\\Excel.xsl");
XmlTextReader xRdr = new XmlTextReader(reader);
xt.Load(xRdr,new XsltSettings(false,false),null);
It works just fine, however the code is not secure, since it is susceptible to Injection attacks. Ideally it should be validated against a schema. So where would I find a schema that validates an XSL file? Is there a built in schema in .NET that does that?
No comments:
Post a Comment