Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7b1fb05b974f0c50874da628b5388cca5b7292e2
https://github.com/WebKit/WebKit/commit/7b1fb05b974f0c50874da628b5388cca5b7292e2
Author: David Kilzer <[email protected]>
Date: 2024-04-30 (Tue, 30 Apr 2024)
Changed paths:
M Source/WebCore/dom/ProcessingInstruction.cpp
M Source/WebCore/xml/XSLTProcessorLibxslt.cpp
M Source/WebCore/xml/parser/XMLDocumentParser.h
M Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
M Source/WebCore/xml/parser/XMLDocumentParserScope.cpp
M Source/WebCore/xml/parser/XMLDocumentParserScope.h
Log Message:
-----------
[WK1] WebKit XML parsing can deny external entity loads from other in-process libxml2 clients
https://bugs.webkit.org/show_bug.cgi?id=273045
<rdar://126476952>
Reviewed by Alex Christensen and Michael Catanzaro.
The fix for Bug 259235 replaced the default libxml2 external entity
loader function with one from WebKit that implements a same-origin
policy for the web, but that means that WebKit1 clients that use libxml2
for parsing independent of WebKit also start using this function, which
can cause external entity load failures depending on the libxml2 API
used.
Fix this by setting the external entity loader using
XMLDocumentParserScope, then unsetting it when that object is
deallocated.
Add two more places where XMLDocumentParserScope was missing in
WebCore::XMLDocumentParser::appendFragmentSource() and
WebCore::parseAttributes().
Covered by these tests (among others):
fast/xsl/xslt-bad-import-uri.html
http/tests/misc/xslt-bad-import.html
http/tests/security/contentSecurityPolicy/xsl-redirect-blocked.html
http/tests/security/cross-origin-xsl-redirect-BLOCKED.html
http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html
http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html
* Source/WebCore/dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::checkStyleSheet):
- Move Ref variable for Document to top of method instead of calling
document() repeatedly.
- Pass extra argument added to WebCore::parseAttributes().
* Source/WebCore/xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
- Minor clean-up to inline return statement.
* Source/WebCore/xml/parser/XMLDocumentParser.h:
(WebCore::XMLParserContext::XMLParserContext): Remove.
(WebCore::XMLDocumentParser::XMLDocumentParser): Remove.
- Delete default constructors.
(WebCore::externalEntityLoader): Add declaration.
(WebCore::parseAttributes):
- Add WebCore::CachedResourceLoader to argument list.
* Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::externalEntityLoader):
- Remove 'static' keyword as this function is referenced outside this
source file.
(WebCore::initializeXMLParser):
- Don't set external entity loader here since it will be set by
XMLDocumentParserScope instead.
- Add RELEASE_ASSERT() that the external entity loader isn't already set
to WebCore::externalEntityLoader. This indicates that an
XMLDocumentParserScope was created too early, and that external entity
loading will result in a stack recursion crash later.
(WebCore::XMLDocumentParser::initializeParserContext):
- Remove unneeded XMLDocumentParserScope object.
(WebCore::XMLDocumentParser::appendFragmentSource):
- Add missing XMLDocumentParserScope object.
(WebCore::parseAttributes):
- Add WebCore::CachedResourceLoader to argument list so that an
XMLDocumentParserScope object can be created before calling libxml2 to
parse XML content.
* Source/WebCore/xml/parser/XMLDocumentParserScope.cpp:
(WebCore::XMLDocumentParserScope::XMLDocumentParserScope):
(WebCore::XMLDocumentParserScope::~XMLDocumentParserScope):
- Update to save the current external entity loader and set WebKit's
external entity loader function.
* Source/WebCore/xml/parser/XMLDocumentParserScope.h:
(WebCore::XMLDocumentParserScope::m_oldEntityLoader): Add.
- Add instance variable for saving and restoring the external entity
loader.
Canonical link: https://commits.webkit.org/278168@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
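Added illustration of the save/install/restore pattern the commit describes, not WebKit's or libxml2's code: the global loader slot, the loaders and the scope class are constructed stand-ins for xmlGetExternalEntityLoader/xmlSetExternalEntityLoader and XMLDocumentParserScope, and the nested-scope check is placed in the constructor here for illustration (in the commit it lives in initializeXMLParser()).

```cpp
#include <stdexcept>
#include <string>

// Constructed stand-in for libxml2's process-global external entity loader slot.
using EntityLoader = std::string (*)(const std::string& url);

static std::string defaultLoader(const std::string& url) { return "default:" + url; }
static EntityLoader g_loader = defaultLoader;  // what other in-process clients expect to find

static EntityLoader getExternalEntityLoader() { return g_loader; }
static void setExternalEntityLoader(EntityLoader loader) { g_loader = loader; }

// Stand-in for WebKit's same-origin loader: anything off-origin is refused.
static std::string webkitLoader(const std::string& url) {
    if (url.rfind("https://example.test/", 0) == 0)
        return "webkit:" + url;
    return "webkit:denied";
}

// RAII scope modelled on XMLDocumentParserScope: save the current loader,
// install WebKit's, and put the old one back when the scope ends.
class ScopedEntityLoader {
public:
    ScopedEntityLoader() : m_oldLoader(getExternalEntityLoader()) {
        // Mirrors the commit's RELEASE_ASSERT: if our loader is already installed,
        // a scope was created too early and "old" would be ourselves.
        if (m_oldLoader == webkitLoader)
            throw std::logic_error("WebKit loader already installed");
        setExternalEntityLoader(webkitLoader);
    }
    ~ScopedEntityLoader() { setExternalEntityLoader(m_oldLoader); }
    ScopedEntityLoader(const ScopedEntityLoader&) = delete;
    ScopedEntityLoader& operator=(const ScopedEntityLoader&) = delete;
private:
    EntityLoader m_oldLoader;
};

struct Outcome { std::string duringWebKitParse; std::string afterWebKitParse; bool nestedRejected; };

// A WebKit parse (inside the scope) followed by an unrelated libxml2 client load (outside it).
static Outcome runScenario() {
    Outcome o{};
    {
        ScopedEntityLoader scope;
        o.duringWebKitParse = getExternalEntityLoader()("http://other.test/ent.dtd");
        try { ScopedEntityLoader nested; o.nestedRejected = false; }
        catch (const std::logic_error&) { o.nestedRejected = true; }
    }
    o.afterWebKitParse = getExternalEntityLoader()("http://other.test/ent.dtd");
    return o;
}
```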