Title: [148144] trunk/Source/WebCore
Revision: 148144
Author: [email protected]
Date: 2013-04-10 15:45:35 -0700 (Wed, 10 Apr 2013)

Log Message

        <rdar://problem/13047266> External XML entities are not loaded with modern libxml2
        https://bugs.webkit.org/show_bug.cgi?id=114377

        Reviewed by Darin Adler.

        Covered by http/tests/security/xss-DENIED-xml-external-entity.xhtml when using
        new enough libxml2.

        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::switchToUTF16): Added a FIXME with an idea for improvement.
        (WebCore::XMLParserContext::createStringParser): Apply XML_PARSE_NOENT in a non-hacky
        way, so that the new libxml2 check doesn't fail.
        (WebCore::XMLParserContext::createMemoryParser): Updated an unhelpful and incorrect
        comment (XML_PARSE_NODICT actually means "Do not reuse the context dictionary").

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (148143 => 148144)


--- trunk/Source/WebCore/ChangeLog	2013-04-10 22:35:29 UTC (rev 148143)
+++ trunk/Source/WebCore/ChangeLog	2013-04-10 22:45:35 UTC (rev 148144)
@@ -1,3 +1,20 @@
+2013-04-10  Alexey Proskuryakov  <[email protected]>
+
+        <rdar://problem/13047266> External XML entities are not loaded with modern libxml2
+        https://bugs.webkit.org/show_bug.cgi?id=114377
+
+        Reviewed by Darin Adler.
+
+        Covered by http/tests/security/xss-DENIED-xml-external-entity.xhtml when using
+        new enough libxml2.
+
+        * xml/parser/XMLDocumentParserLibxml2.cpp:
+        (WebCore::switchToUTF16): Added a FIXME with an idea for improvement.
+        (WebCore::XMLParserContext::createStringParser): Apply XML_PARSE_NOENT in a non-hacky
+        way, so that the new libxml2 check doesn't fail.
+        (WebCore::XMLParserContext::createMemoryParser): Updated an unhelpful and incorrect
+        comment (XML_PARSE_NODICT actually means "Do not reuse the context dictionary").
+
 2013-04-10  Eric Carlson  <[email protected]>
 
         [Mac] in-band tracks sometimes not recognized
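
Review bot: The phrase "when using new enough libxml2" in the new entry does not name the libxml2 version at which the check appears, so a reader cannot tell on which builds http/tests/security/xss-DENIED-xml-external-entity.xhtml actually exercises this path. State the minimum version in the entry, or say how the test behaves with older libxml2.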

Modified: trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp (148143 => 148144)


--- trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp	2013-04-10 22:35:29 UTC (rev 148143)
+++ trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp	2013-04-10 22:45:35 UTC (rev 148144)
@@ -380,6 +380,9 @@
     // resetting the encoding to UTF-16 before every chunk.  Otherwise libxml
     // will detect <?xml version="1.0" encoding="<encoding name>"?> blocks
     // and switch encodings, causing the parse to fail.
+
+    // FIXME: Can we just use XML_PARSE_IGNORE_ENC now?
+
     const UChar BOM = 0xFEFF;
     const unsigned char BOMHighByte = *reinterpret_cast<const unsigned char*>(&BOM);
     xmlSwitchEncoding(ctxt, BOMHighByte == 0xFF ? XML_CHAR_ENCODING_UTF16LE : XML_CHAR_ENCODING_UTF16BE);
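
Review bot: The FIXME added above "const UChar BOM = 0xFEFF;" in switchToUTF16 asks a question without recording what would answer it. The word "now" implies a libxml2 version dependency that is not stated, and there is no bug reference to track the follow-up. Name the version requirement and cite a bug. The FIXME also sits between the explanatory comment about resetting the encoding and the code that comment describes; fold it into that comment block so the explanation stays attached to the xmlSwitchEncoding call.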
@@ -499,7 +502,10 @@
 
     xmlParserCtxtPtr parser = xmlCreatePushParserCtxt(handlers, 0, 0, 0, 0);
     parser->_private = userData;
-    parser->replaceEntities = true;
+
+    // Substitute entities.
+    xmlCtxtUseOptions(parser, XML_PARSE_NOENT);
+
     switchToUTF16(parser);
 
     return adoptRef(new XMLParserContext(parser));
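
Review bot: The return value of "xmlCtxtUseOptions(parser, XML_PARSE_NOENT);" in createStringParser is discarded. xmlCtxtUseOptions returns 0 on success and the set of unknown or unimplemented options otherwise, and the ChangeLog ties this change to a security test, so at least assert that the call returned 0. Separately, the comment "// Substitute entities." only restates the flag; the reason for going through the options API instead of setting replaceEntities directly (the new libxml2 check mentioned in the ChangeLog) is what the comment should record.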
@@ -523,12 +529,10 @@
     if (!parser)
         return 0;
 
-    // Copy the sax handler
     memcpy(parser->sax, handlers, sizeof(xmlSAXHandler));
 
-    // Set parser options.
-    // XML_PARSE_NODICT: default dictionary option.
-    // XML_PARSE_NOENT: force entities substitutions.
+    // Substitute entities.
+    // FIXME: Why is XML_PARSE_NODICT needed? This is different from what createStringParser does.
     xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT);
 
     // Internal initialization
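
Review bot: The rewritten comment in createMemoryParser removes the incorrect description of XML_PARSE_NODICT but does not replace it, so the corrected meaning given in the ChangeLog ("Do not reuse the context dictionary") appears nowhere in the code. Put that description in the comment beside the flag. The new FIXME notes that createStringParser passes different options but carries no bug reference; file one and cite it so the inconsistency between the two factory functions is tracked. The return value of xmlCtxtUseOptions is unchecked here as well.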