Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 66338748251c4f55d2b29e32e4851add3ed40f0e
https://github.com/WebKit/WebKit/commit/66338748251c4f55d2b29e32e4851add3ed40f0e
Author: David Kilzer <[email protected]>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
R LayoutTests/http/tests/security/resources/xslt-external-entity.svg
R LayoutTests/http/tests/security/resources/xslt2.py
A LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.py
A LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.svg
A LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.xml
A LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.py
A LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.svg
R LayoutTests/http/tests/security/xslt-external-entity-expected.txt
R LayoutTests/http/tests/security/xslt-external-entity.html
A LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader-expected.txt
A LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html
A LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt
A LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html
R LayoutTests/platform/mac-monterey/http/tests/security/xslt-external-entity-expected.txt
A LayoutTests/platform/mac-monterey/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt
M Source/WebCore/xml/XSLTProcessorLibxslt.cpp
M Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
Log Message:
-----------
REGRESSION (269108@main): Same-origin XSLT document() loads fail
https://bugs.webkit.org/show_bug.cgi?id=273106
<rdar://126897034>

Reviewed by Alex Christensen.

Prior to this change, all external entity loads using docLoaderFunc() in
XSLTProcessorLibxslt.cpp would fail in shouldAllowExternalLoad() because
XMLDocumentParserScope::currentCachedResourceLoader was nullptr. This
caused both cross-origin loads and same-origin loads to fail.

The fix is to make use of XMLDocumentParserScope in docLoaderFunc() to
set XMLDocumentParserScope::currentCachedResourceLoader so that the
same-origin policy is applied.

We keep the check added to shouldAllowExternalLoad() from 269108@main in
case a load is initiated without using XMLDocumentParserScope, and this
change adds a Debug assert to catch those cases before the load fails.

Tests:
http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html
http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html

* LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.py:
Add.
* LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.svg:
Copy from LayoutTests/http/tests/security/resources/xslt-external-entity.svg.
* LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.xml:
Add.
* LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.py:
Rename from LayoutTests/http/tests/security/resources/xslt2.py.
* LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.svg:
Rename from LayoutTests/http/tests/security/resources/xslt-external-entity.svg.
* LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader-expected.txt:
Add.
* LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html:
Copy from LayoutTests/http/tests/security/xslt-external-entity.html.
* LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt:
Rename from LayoutTests/http/tests/security/xslt-external-entity-expected.txt.
- Update results with denied console messages. This change is the
result of the bug fix.
* LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html:
Rename from LayoutTests/http/tests/security/xslt-external-entity.html.
- Add xss-ALLOWED-xsl-external-entity-xslt-docloader.html to test the
same-origin case. This test failed before this fix.
- Rename http/tests/security/xslt-external-entity.html to
xss-DENIED-xsl-external-entity-xslt-docloader.html to match similar
test cases.
* LayoutTests/platform/mac-monterey/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt:
Rename from LayoutTests/platform/mac-monterey/http/tests/security/xslt-external-entity-expected.txt.
- Update results with denied console messages. This change is the
result of the bug fix.
* Source/WebCore/xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
- Make use of WebCore::XMLDocumentParserScope to fix the bug.
* Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::shouldAllowExternalLoad):
- Add Debug assert to catch failures where XMLDocumentParserScope is
missing, or a non-WebKit, in-process libxml2 load occurs.
Canonical link: https://commits.webkit.org/277924@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
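
Added example (not part of the commit and not WebKit source): a simplified C++ model of the failure mode the log message describes, where a policy check that reads a scoped "current loader" fails closed for every load when the callback never installs the scope, and applies the same-origin policy once it does. All type and function names below are hypothetical stand-ins, and the origin comparison is a plain string match on the scheme://host[:port] prefix.

```cpp
// Simplified model (added example; not WebKit source). All names are hypothetical.
#include <string>

struct Loader { std::string origin; };  // stands in for the document's resource loader

// RAII scope publishing the "current loader" for the duration of a parse or load.
class ParserScope {
public:
    explicit ParserScope(const Loader* loader) : m_previous(s_current) { s_current = loader; }
    ~ParserScope() { s_current = m_previous; }  // restore on exit, so scopes nest safely
    ParserScope(const ParserScope&) = delete;
    ParserScope& operator=(const ParserScope&) = delete;
    static const Loader* current() { return s_current; }
private:
    const Loader* m_previous;
    static thread_local const Loader* s_current;
};
thread_local const Loader* ParserScope::s_current = nullptr;

// "scheme://host[:port]" prefix of a URL; empty string if the URL has no authority.
static std::string originOf(const std::string& url) {
    auto schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos) return {};
    auto pathStart = url.find('/', schemeEnd + 3);
    return url.substr(0, pathStart);
}

// Policy check: fail closed when no scope is active, otherwise same-origin only.
bool shouldAllowExternalLoad(const std::string& url) {
    const Loader* loader = ParserScope::current();
    if (!loader) return false;  // no context to evaluate the policy against
    const std::string target = originOf(url);
    return !target.empty() && target == loader->origin;
}

// Before the fix: the callback checks policy with no scope installed,
// so same-origin and cross-origin loads are both denied.
bool docLoaderWithoutScope(const Loader&, const std::string& url) {
    return shouldAllowExternalLoad(url);
}

// After the fix: the callback installs the scope, so the policy sees the loader.
bool docLoaderWithScope(const Loader& loader, const std::string& url) {
    ParserScope scope(&loader);
    return shouldAllowExternalLoad(url);
}
```
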