Title: [261451] trunk
- Revision
- 261451
- Author
- [email protected]
- Date
- 2020-05-09 20:08:00 -0700 (Sat, 09 May 2020)
Log Message
XML external entity resources should only be loaded from XML MIME types
<https://webkit.org/b/211488>
<rdar://problem/62869515>
Reviewed by Darin Adler.
Source/WebCore:
Tests: dom/xhtml/level3/core/entitygetinputencoding03.xhtml
dom/xhtml/level3/core/entitygetinputencoding04.xhtml
dom/xhtml/level3/core/entitygetxmlencoding02.xhtml
dom/xhtml/level3/core/entitygetxmlencoding03.xhtml
dom/xhtml/level3/core/entitygetxmlencoding04.xhtml
dom/xhtml/level3/core/entitygetxmlversion03.xhtml
dom/xhtml/level3/core/entitygetxmlversion04.xhtml
dom/xhtml/level3/core/nodegetbaseuri16.xhtml
dom/xhtml/level3/core/nodegetbaseuri19.xhtml
dom/xhtml/level3/core/nodegetbaseuri20.xhtml
fast/parser/external-entities-in-xslt.xml
fast/xsl/dtd-in-source-document.xml
fast/xsl/xslt-second-level-import.xml
http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml
http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
* html/HTMLBaseElement.cpp:
(WebCore::HTMLBaseElement::href const):
- Add comment about keeping code in sync with openFunc() in
XMLDocumentParserLibxml2.cpp.
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::responseMIMEType const):
- Add comment about keeping code in sync with
externalEntityMimeTypeAllowed() in
XMLDocumentParserLibxml2.cpp.
* xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::externalEntityMimeTypeAllowed):
- Rename from externalEntityMimeTypeAllowedByNosniff().
- Change to only allow XML MIME types regardless of nosniff
option.
- Add fallback path to determine MIME type for file:/// URLs to
make layout tests work properly. Logic taken from
XMLHttpRequest::responseMIMEType(). Not sure if there was a
good place to share it.
(WebCore::openFunc):
- Fix relative URLs by providing the document's URL as a base.
Also provide an encoding if needed. Logic taken from
HTMLBaseElement::href(). (Not sure if there was a good place
to share it.) This was required to fix loading of external
entity resources in the dom/xhtml/level3/core tests, which
hadn't been loading these resources for a while. Ultimately
this didn't matter--except for new error messages being
printed in test results--because the tests fail due to missing
DOM features for XHTML documents).
- Change the fix for Bug 21963 into an empty URL check since
setting FetchOptions.mode to Mode::SameOrigin prevents a
redirect from loading a resource outside the document's
origin. The previous check worked, but the relaxed check in
externalEntityMimeTypeAllowed() caused the XML MIME type
warning to be output on redirects to non-same-origin URLs. I
didn't see a way to check for a cross-origin loading error.
- Add a console message for a cross-origin load failing.
- Update for function rename.
- Remove double negative from console message for an invalid
MIME type.
(WebCore::externalEntityMimeTypeAllowedByNosniff):
- Rename to externalEntityMimeTypeAllowed().
LayoutTests:
To fix these layout tests, the following changes were made:
- Rename *.ent files to *.ent.xml so that an XML MIME type would
be given to the resources when loading from a file:/// URL.
- Similarly, rename *.dtd files to *.dtd.xml.
- Update tests to refer to new entity/dtd file names.
- There are more *.dtd and *.ent files that weren't renamed. I
will fix those in a follow-up patch. They weren't needed to
fix any tests, so may be unused.
* dom/xhtml/level3/core/entitygetinputencoding03.xhtml:
* dom/xhtml/level3/core/entitygetinputencoding04.xhtml:
* dom/xhtml/level3/core/entitygetxmlencoding02.xhtml:
* dom/xhtml/level3/core/entitygetxmlencoding03.xhtml:
* dom/xhtml/level3/core/entitygetxmlencoding04.xhtml:
* dom/xhtml/level3/core/entitygetxmlversion03.xhtml:
* dom/xhtml/level3/core/entitygetxmlversion04.xhtml:
* dom/xhtml/level3/core/resources/external_foo.ent.xml: Rename from LayoutTests/dom/xhtml/level3/core/external_foo.ent.xml.
* dom/xhtml/level3/core/resources/external_foobr.ent.xml: Rename from LayoutTests/dom/xhtml/level3/core/external_foobr.ent.xml.
* dom/xhtml/level3/core/resources/external_widget.ent.xml: Rename from LayoutTests/dom/xhtml/level3/core/external_widget.ent.xml.
* dom/xhtml/level3/core/nodegetbaseuri16.xhtml:
* dom/xhtml/level3/core/nodegetbaseuri19.xhtml:
* dom/xhtml/level3/core/nodegetbaseuri20.xhtml:
* fast/parser/external-entities.xml:
* fast/parser/resources/external-entities.dtd.xml: Rename from LayoutTests/fast/parser/resources/external-entities.dtd.
* fast/parser/resources/external-entities.xsl:
* fast/xsl/dtd-in-source-document.xml:
* fast/xsl/resources/dtd-in-source-document.dtd.xml: Rename from LayoutTests/fast/xsl/resources/dtd-in-source-document.dtd.
* fast/xsl/resources/xslt-second-level-import.xsl:
* fast/xsl/resources/xslt-second-level-import.xsl.dtd.xml: Rename from LayoutTests/fast/xsl/resources/xslt-second-level-import.xsl.dtd.
* http/tests/security/contentTypeOptions/nosniff-xml-external-entity-expected.txt:
* http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml:
- Add test cases without "X-Content-Type-Options: nosniff"
header.
* http/tests/security/xss-DENIED-xsl-external-entity-redirect-expected.txt:
- Add newly expected console error messages about cross-origin
resource load failures.
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (261450 => 261451)
--- trunk/LayoutTests/ChangeLog 2020-05-10 03:05:40 UTC (rev 261450)
+++ trunk/LayoutTests/ChangeLog 2020-05-10 03:08:00 UTC (rev 261451)
@@ -1,3 +1,50 @@
+2020-05-09 David Kilzer <[email protected]>
+
+ XML external entity resources should only be loaded from XML MIME types
+ <https://webkit.org/b/211488>
+ <rdar://problem/62869515>
+
+ Reviewed by Darin Adler.
+
+ To fix these layout tests, the following changes were made:
+ - Rename *.ent files to *.ent.xml so that an XML MIME type would
+ be given to the resources when loading from a file:/// URL.
+ - Similarly, rename *.dtd files to *.dtd.xml.
+ - Update tests to refer to new entity/dtd file names.
+ - There are more *.dtd and *.ent files that weren't renamed. I
+ will fix those in a follow-up patch. They weren't needed to
+ fix any tests, so may be unused.
+
+ * dom/xhtml/level3/core/entitygetinputencoding03.xhtml:
+ * dom/xhtml/level3/core/entitygetinputencoding04.xhtml:
+ * dom/xhtml/level3/core/entitygetxmlencoding02.xhtml:
+ * dom/xhtml/level3/core/entitygetxmlencoding03.xhtml:
+ * dom/xhtml/level3/core/entitygetxmlencoding04.xhtml:
+ * dom/xhtml/level3/core/entitygetxmlversion03.xhtml:
+ * dom/xhtml/level3/core/entitygetxmlversion04.xhtml:
+ * dom/xhtml/level3/core/resources/external_foo.ent.xml: Rename from LayoutTests/dom/xhtml/level3/core/external_foo.ent.xml.
+ * dom/xhtml/level3/core/resources/external_foobr.ent.xml: Rename from LayoutTests/dom/xhtml/level3/core/external_foobr.ent.xml.
+ * dom/xhtml/level3/core/resources/external_widget.ent.xml: Rename from LayoutTests/dom/xhtml/level3/core/external_widget.ent.xml.
+ * dom/xhtml/level3/core/nodegetbaseuri16.xhtml:
+ * dom/xhtml/level3/core/nodegetbaseuri19.xhtml:
+ * dom/xhtml/level3/core/nodegetbaseuri20.xhtml:
+ * fast/parser/external-entities.xml:
+ * fast/parser/resources/external-entities.dtd.xml: Rename from LayoutTests/fast/parser/resources/external-entities.dtd.
+ * fast/parser/resources/external-entities.xsl:
+ * fast/xsl/dtd-in-source-document.xml:
+ * fast/xsl/resources/dtd-in-source-document.dtd.xml: Rename from LayoutTests/fast/xsl/resources/dtd-in-source-document.dtd.
+ * fast/xsl/resources/xslt-second-level-import.xsl:
+ * fast/xsl/resources/xslt-second-level-import.xsl.dtd.xml: Rename from LayoutTests/fast/xsl/resources/xslt-second-level-import.xsl.dtd.
+
+ * http/tests/security/contentTypeOptions/nosniff-xml-external-entity-expected.txt:
+ * http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml:
+ - Add test cases without "X-Content-Type-Options: nosniff"
+ header.
+
+ * http/tests/security/xss-DENIED-xsl-external-entity-redirect-expected.txt:
+ - Add newly expected console error messages about cross-origin
+ resource load failures.
+
2020-05-09 Wenson Hsieh <[email protected]>
[macOS] Search field on mayoclinic.org/forms/us-resident-appointment clips the submit button
Modified: trunk/Source/WebCore/ChangeLog (261450 => 261451)
--- trunk/Source/WebCore/ChangeLog 2020-05-10 03:05:40 UTC (rev 261450)
+++ trunk/Source/WebCore/ChangeLog 2020-05-10 03:08:00 UTC (rev 261451)
@@ -1,3 +1,69 @@
+2020-05-09 David Kilzer <[email protected]>
+
+ XML external entity resources should only be loaded from XML MIME types
+ <https://webkit.org/b/211488>
+ <rdar://problem/62869515>
+
+ Reviewed by Darin Adler.
+
+ Tests: dom/xhtml/level3/core/entitygetinputencoding03.xhtml
+ dom/xhtml/level3/core/entitygetinputencoding04.xhtml
+ dom/xhtml/level3/core/entitygetxmlencoding02.xhtml
+ dom/xhtml/level3/core/entitygetxmlencoding03.xhtml
+ dom/xhtml/level3/core/entitygetxmlencoding04.xhtml
+ dom/xhtml/level3/core/entitygetxmlversion03.xhtml
+ dom/xhtml/level3/core/entitygetxmlversion04.xhtml
+ dom/xhtml/level3/core/nodegetbaseuri16.xhtml
+ dom/xhtml/level3/core/nodegetbaseuri19.xhtml
+ dom/xhtml/level3/core/nodegetbaseuri20.xhtml
+ fast/parser/external-entities-in-xslt.xml
+ fast/xsl/dtd-in-source-document.xml
+ fast/xsl/xslt-second-level-import.xml
+ http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml
+ http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
+
+ * html/HTMLBaseElement.cpp:
+ (WebCore::HTMLBaseElement::href const):
+ - Add comment about keeping code in sync with openFunc() in
+ XMLDocumentParserLibxml2.cpp.
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::responseMIMEType const):
+ - Add comment about keeping code in sync with
+ externalEntityMimeTypeAllowed() in
+ XMLDocumentParserLibxml2.cpp.
+ * xml/parser/XMLDocumentParserLibxml2.cpp:
+ (WebCore::externalEntityMimeTypeAllowed):
+ - Rename from externalEntityMimeTypeAllowedByNosniff().
+ - Change to only allow XML MIME types regardless of nosniff
+ option.
+ - Add fallback path to determine MIME type for file:/// URLs to
+ make layout tests work properly. Logic taken from
+ XMLHttpRequest::responseMIMEType(). Not sure if there was a
+ good place to share it.
+ (WebCore::openFunc):
+ - Fix relative URLs by providing the document's URL as a base.
+ Also provide an encoding if needed. Logic taken from
+ HTMLBaseElement::href(). (Not sure if there was a good place
+ to share it.) This was required to fix loading of external
+ entity resources in the dom/xhtml/level3/core tests, which
+ hadn't been loading these resources for a while. Ultimately
+ this didn't matter--except for new error messages being
+ printed in test results--because the tests fail due to missing
+ DOM features for XHTML documents).
+ - Change the fix for Bug 21963 into an empty URL check since
+ setting FetchOptions.mode to Mode::SameOrigin prevents a
+ redirect from loading a resource outside the document's
+ origin. The previous check worked, but the relaxed check in
+ externalEntityMimeTypeAllowed() caused the XML MIME type
+ warning to be output on redirects to non-same-origin URLs. I
+ didn't see a way to check for a cross-origin loading error.
+ - Add a console message for a cross-origin load failing.
+ - Update for function rename.
+ - Remove double negative from console message for an invalid
+ MIME type.
+ (WebCore::externalEntityMimeTypeAllowedByNosniff):
+ - Rename to externalEntityMimeTypeAllowed().
+
2020-05-09 Wenson Hsieh <[email protected]>
[macOS] Search field on mayoclinic.org/forms/us-resident-appointment clips the submit button
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
