Diff
Modified: trunk/LayoutTests/ChangeLog (237619 => 237620)
--- trunk/LayoutTests/ChangeLog 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/LayoutTests/ChangeLog 2018-10-31 03:36:33 UTC (rev 237620)
@@ -1,3 +1,14 @@
+2018-10-30 David Kilzer <[email protected]>
+
+ XSLTProcessor should limit max transform depth
+ <https://webkit.org/b/191075>
+ <rdar://problem/45531453>
+
+ Reviewed by Alex Christensen.
+
+ * fast/xsl/xslt-max-depth-expected.txt: Added.
+ * fast/xsl/xslt-max-depth.html: Added.
+
2018-10-30 Devin Rousso <[email protected]>
Web Inspector: Audit: create Audit Tab
Added: trunk/LayoutTests/fast/xsl/xslt-max-depth-expected.txt (0 => 237620)
--- trunk/LayoutTests/fast/xsl/xslt-max-depth-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/xsl/xslt-max-depth-expected.txt 2018-10-31 03:36:33 UTC (rev 237620)
@@ -0,0 +1,9 @@
+Test max depth of xsl transform.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/xsl/xslt-max-depth.html (0 => 237620)
--- trunk/LayoutTests/fast/xsl/xslt-max-depth.html (rev 0)
+++ trunk/LayoutTests/fast/xsl/xslt-max-depth.html 2018-10-31 03:36:33 UTC (rev 237620)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<script src=""
+<script id="xml_content" type="text/plain"><?xml version="1.0" encoding="utf-8"?>
+<doc/>
+</script>
+<script id="xslt_content" type="text/plain"><?xml version="1.0" encoding="utf-8"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+ <xsl:template match="*">
+ <xsl:apply-imports/>
+ <xsl:apply-templates select=".">
+ <xsl:with-param name="whatever_1">whatever_2</xsl:with-param>
+ </xsl:apply-templates>
+ </xsl:template>
+</xsl:stylesheet>
+</script>
+</head>
+<body>
+<script>
+description("Test max depth of xsl transform.");
+
+window.jsTestIsAsync = true;
+
+window._onload_ = function() {
+ let domParser = new DOMParser();
+ let processor = new XSLTProcessor();
+ processor.importStylesheet(domParser.parseFromString(document.getElementById("xslt_content").textContent, "text/xml"));
+ processor.transformToFragment(domParser.parseFromString(document.getElementById("xml_content").textContent, "text/xml"), document);
+ finishJSTest();
+}
+</script>
+<script src=""
+</body>
+</html>
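Review bot: The test never inspects what `transformToFragment()` returns, so it passes whenever the self-recursive stylesheet fails to crash the process, whether or not the new depth cap is what stopped it. Capturing the result in the load handler and asserting on it before `finishJSTest()` would pin the behaviour, for example a `shouldBeNull(...)` check if null is what the processor yields once the limit trips (to be confirmed). As rendered on this page the handler is assigned to `window._onload_`, which would never run. That is presumably an artifact of the archive's sanitizer rather than the committed file.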
Modified: trunk/Source/WTF/ChangeLog (237619 => 237620)
--- trunk/Source/WTF/ChangeLog 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/Source/WTF/ChangeLog 2018-10-31 03:36:33 UTC (rev 237620)
@@ -1,3 +1,16 @@
+2018-10-30 David Kilzer <[email protected]>
+
+ XSLTProcessor should limit max transform depth
+ <https://webkit.org/b/191075>
+ <rdar://problem/45531453>
+
+ Reviewed by Alex Christensen.
+
+ * wtf/cocoa/SoftLinking.h:
+ (SOFT_LINK_VARIABLE_FOR_HEADER):
+ (SOFT_LINK_VARIABLE_FOR_SOURCE):
+ - Add macros for non-constant global variables.
+
2018-10-30 Alexey Proskuryakov <[email protected]>
Clean up some obsolete MAX_ALLOWED macros
Modified: trunk/Source/WTF/wtf/cocoa/SoftLinking.h (237619 => 237620)
--- trunk/Source/WTF/wtf/cocoa/SoftLinking.h 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/Source/WTF/wtf/cocoa/SoftLinking.h 2018-10-31 03:36:33 UTC (rev 237620)
@@ -575,3 +575,30 @@
return pointer##framework##variableName; \
} \
}
+
+#define SOFT_LINK_VARIABLE_FOR_HEADER(functionNamespace, framework, variableName, variableType) \
+ WTF_EXTERN_C_BEGIN \
+ extern variableType variableName; \
+ WTF_EXTERN_C_END \
+ namespace functionNamespace { \
+ variableType * get_##framework##_##variableName(); \
+ }
+
+#define SOFT_LINK_VARIABLE_FOR_SOURCE(functionNamespace, framework, variableName, variableType) \
+ WTF_EXTERN_C_BEGIN \
+ extern variableType variableName; \
+ WTF_EXTERN_C_END \
+ namespace functionNamespace { \
+ variableType * get_##framework##_##variableName(); \
+ variableType * get_##framework##_##variableName() \
+ { \
+ static variableType * variable##framework##variableName; \
+ static dispatch_once_t once; \
+ dispatch_once(&once, ^{ \
+ void* variable = dlsym(framework##Library(), #variableName); \
+ RELEASE_ASSERT_WITH_MESSAGE(variable, "%s", dlerror()); \
+ variable##framework##variableName = static_cast<variableType *>(variable); \
+ }); \
+ return variable##framework##variableName; \
+ } \
+ }
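Review bot: Neither new macro carries a comment, and the contract is not obvious from a call site. `get_##framework##_##variableName()` returns a pointer to the library's variable rather than its value, and the `RELEASE_ASSERT_WITH_MESSAGE` inside the `dispatch_once` block terminates the process if `dlsym()` cannot resolve the symbol. A short comment above `SOFT_LINK_VARIABLE_FOR_HEADER` would cover it, e.g. `// Soft-links a mutable global variable; get_<framework>_<variableName>() returns its address and crashes if the symbol is missing.` The `static_cast<variableType *>` trusts the caller-supplied type. The only cross-check appears to be the `extern variableType variableName;` redeclaration, which catches a mismatch only when the library's own header is also included.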
Modified: trunk/Source/WebCore/ChangeLog (237619 => 237620)
--- trunk/Source/WebCore/ChangeLog 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/Source/WebCore/ChangeLog 2018-10-31 03:36:33 UTC (rev 237620)
@@ -1,3 +1,19 @@
+2018-10-30 David Kilzer <[email protected]>
+
+ XSLTProcessor should limit max transform depth
+ <https://webkit.org/b/191075>
+ <rdar://problem/45531453>
+
+ Reviewed by Alex Christensen.
+
+ Test: fast/xsl/xslt-max-depth.html
+
+ * xml/SoftLinkLibxslt.cpp: Add macro for `xsltMaxDepth` global.
+ * xml/SoftLinkLibxslt.h: Ditto.
+ * xml/XSLTProcessorLibxslt.cpp:
+ (WebCore::XSLTProcessor::transformToString): Set `xsltMaxDepth`
+ to 1000. Default in libxslt.dylib is 3000.
+
2018-10-30 Jim Mason <[email protected]>
[GTK] Scrollbars not following gtk-primary-button-warps-slider setting
Modified: trunk/Source/WebCore/xml/SoftLinkLibxslt.cpp (237619 => 237620)
--- trunk/Source/WebCore/xml/SoftLinkLibxslt.cpp 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/Source/WebCore/xml/SoftLinkLibxslt.cpp 2018-10-31 03:36:33 UTC (rev 237620)
@@ -54,4 +54,6 @@
SOFT_LINK_FUNCTION_FOR_SOURCE(WebCore, libxslt, xsltComputeSortResult, xmlXPathObjectPtr*, (xsltTransformContextPtr ctxt, xmlNodePtr sort), (ctxt, sort))
SOFT_LINK_FUNCTION_FOR_SOURCE(WebCore, libxslt, xsltEvalAttrValueTemplate, xmlChar*, (xsltTransformContextPtr ctxt, xmlNodePtr node, const xmlChar *name, const xmlChar *ns), (ctxt, node, name, ns))
+SOFT_LINK_VARIABLE_FOR_SOURCE(WebCore, libxslt, xsltMaxDepth, int);
+
#endif // OS(DARWIN) && !PLATFORM(GTK)
Modified: trunk/Source/WebCore/xml/SoftLinkLibxslt.h (237619 => 237620)
--- trunk/Source/WebCore/xml/SoftLinkLibxslt.h 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/Source/WebCore/xml/SoftLinkLibxslt.h 2018-10-31 03:36:33 UTC (rev 237620)
@@ -62,5 +62,7 @@
SOFT_LINK_FUNCTION_FOR_HEADER(WebCore, libxslt, xsltComputeSortResult, xmlXPathObjectPtr*, (xsltTransformContextPtr ctxt, xmlNodePtr sort), (ctxt, sort))
SOFT_LINK_FUNCTION_FOR_HEADER(WebCore, libxslt, xsltEvalAttrValueTemplate, xmlChar*, (xsltTransformContextPtr ctxt, xmlNodePtr node, const xmlChar *name, const xmlChar *ns), (ctxt, node, name, ns))
+SOFT_LINK_VARIABLE_FOR_HEADER(WebCore, libxslt, xsltMaxDepth, int);
+#define xsltMaxDepth get_libxslt_xsltMaxDepth()
#endif // OS(DARWIN) && !PLATFORM(GTK)
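Review bot: The `#define xsltMaxDepth get_libxslt_xsltMaxDepth()` added here turns the name into an `int*` expression on Darwin while it stays an `int` lvalue on other ports, which is why XSLTProcessorLibxslt.cpp needs `#if` blocks just to add or drop a `*`. Defining it as `#define xsltMaxDepth (*get_libxslt_xsltMaxDepth())` would let callers write `xsltMaxDepth = 1000;` on every platform. Either form would rewrite the `xsltMaxDepth` declaration in `<libxslt/xslt.h>` if that header is ever included after this one, so a comment stating the required include order would help. The include order in the callers is not visible in this diff.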
Modified: trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp (237619 => 237620)
--- trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp 2018-10-31 03:31:15 UTC (rev 237619)
+++ trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp 2018-10-31 03:36:33 UTC (rev 237620)
@@ -45,6 +45,7 @@
#include <libxslt/imports.h>
#include <libxslt/security.h>
#include <libxslt/variables.h>
+#include <libxslt/xslt.h>
#include <libxslt/xsltutils.h>
#include <wtf/Assertions.h>
#include <wtf/text/StringBuffer.h>
@@ -301,6 +302,14 @@
}
m_stylesheet->clearDocuments();
+#if OS(DARWIN) && !PLATFORM(GTK)
+ int origXsltMaxDepth = *xsltMaxDepth;
+ *xsltMaxDepth = 1000;
+#else
+ int origXsltMaxDepth = xsltMaxDepth;
+ xsltMaxDepth = 1000;
+#endif
+
xmlChar* origMethod = sheet->method;
if (!origMethod && mimeType == "text/html")
sheet->method = reinterpret_cast<xmlChar*>(const_cast<char*>("html"));
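Review bot: `xsltMaxDepth` is process-wide libxslt state, and the restore added in the later hunk (`@@ -353,6 +362,11 @@`) runs only if control reaches that point. Any early return between the two hunks would leave the global at 1000 for every other libxslt user in the process. That part of `transformToString` lies outside the hunks, so whether such a path exists cannot be confirmed here. A scoped guard removes the question and the second `#if` block, e.g. `SetForScope<int> maxDepthScope(*xsltMaxDepth, 1000);` on Darwin (from `<wtf/SetForScope.h>`). The literal 1000 also deserves a named constant with a comment saying it bounds template recursion for untrusted stylesheets.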
@@ -353,6 +362,11 @@
}
sheet->method = origMethod;
+#if OS(DARWIN) && !PLATFORM(GTK)
+ *xsltMaxDepth = origXsltMaxDepth;
+#else
+ xsltMaxDepth = origXsltMaxDepth;
+#endif
setXSLTLoadCallBack(0, 0, 0);
xsltFreeStylesheet(sheet);
m_stylesheet = nullptr;