Disable SQL Server access from XSLT
Version: 9.2
Applies to |
All core roles |
Sitecore Installation Framework |
SQL Server access from XSLT is not disabled by default. |
Azure Toolkit |
SQL Server access from XSLT is not disabled by default. |
Sitecore includes an xslExtension helper for use with SQL Server.
We strongly recommended that you disable the xslExtension helper if:
-
You do not need it.
-
You are not using Sitecore XSLT renderings.
To disable the xslExtension helper:
-
In the
App_Config/Include
folder, create a patch file. Give it a file name that ends with the extension.config
. -
Insert the following code in the patch file:
RequestResponse
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<!-- disable XSLT security issue see https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_hardening/configuring/disable_sql_server_access_from_xslt -->
<xslExtensions>
<extension type="Sitecore.Xml.Xsl.SqlHelper, Sitecore.Kernel">
<patch:delete/>
</extension>
</xslExtensions>
</sitecore>
</configuration>