Sitecore includes an xslExtension helper for use with SQL Server.
We strongly recommended that you disable the xslExtension helper if:
- You do not need it.
- You are not using Sitecore XSLT renderings.
To disable the xslExtension helper:
- In the
app_config/includefolder, create a patch file. Give it a file name that ends with the extension
- Insert the following code in the patch file:
<!-- disable XSLT security issue see https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_hardening/configuring/disable_sql_server_access_from_xslt -->
<extension type="Sitecore.Xml.Xsl.SqlHelper, Sitecore.Kernel">
Send feedback about the documentation to firstname.lastname@example.org.