Security Vulnerabilities

A description of potential security vulnerabilities picked up by Josh Mandel when using XSLT to render data on screen, and the impact for FHIR.

Interestingly, a colleague of mine (Richard) has suggested the use of Markdown rather than HTML in FHIR Narrative for this very reason…

About David Hay
I'm an independent contractor working with companies like Orion Health and Rhapsody, HL7 Fellow, Chair emeritus of HL7 New Zealand and a co-chair of the FHIR Management Group. I have a keen interest in health IT, especially health interoperability with HL7 and the new FHIR standard.

One Response to Security Vulnerabilities

  1. Peter Jordan says:

    Very interesting, although I’m not quite sure that this warrants throwing the HTML baby out with the bathwater. Ultimately, it boils down to security policies and trust models. If any eHealth application is about to generate HTML from an untrusted source, best that it scans that markup text before it’s rendered. One would also hope that Healthcare Facilities have very tightly-configured browsers. As for passing session state in URLs – particularly if unencrypted – maybe not a great idea in general?
