Consider adding an option to the p:xslt step to filter the stylesheet's access to URIs #163
Description
If the p:xslt step can be configured to restrict access to particular data sources, such as the file system, then it can more safely be used to run user-supplied XSLT stylesheets in a multi-user environment. e.g.
<p:xslt uri-filter="^(http:|https:).*$"><!-- no access to file: URIs -->
...
</p:xslt>Unlike in other environments, XSLT 2's <xsl:result-document> does not write directly to a file system, so it doesn't pose a risk. However, a stylesheet could gain read access to local data sources using e.g. a file: URI, e.g.
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<xsl:copy-of
select="document('file:///var/lib/tomcat7/conf/tomcat-users.xml')"/>
</xsl:template>
</xsl:stylesheet>A custom URI resolver for the XSLT step could filter all requested URIs and prevent access to any which didn't match the specified filter.
When combined with #162 this feature would provide a "safe mode" for XSLT.