273045 2024-04-21 09:51:09 -0700 [WK1] WebKit XML parsing can deny external entity loads from other in-process libxml2 clients 2024-05-01 09:08:32 -0700 1 1 1 Unclassified WebKit XML WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 259235 273553 1 ddkilzer ddkilzer webkit-bug-importer oldest_to_newest 2030095 0 ddkilzer 2024-04-21 09:51:09 -0700 WebKit XML parsing can deny external entity loads from other libxml2 clients. Caused by: Check if external entity loads from libxslt are allowed before loading them <https://bugs.webkit.org/show_bug.cgi?id=259235> <rdar://111457167> <https://commits.webkit.org/269108@main> <rdar://126476952> 2030097 1 ddkilzer 2024-04-21 09:56:58 -0700 The fix for Bug 259235 replaced the default libxml2 external entity loader function with one from WebKit that implements the same-origin policy, but that means that WebKit1 clients that use libxml2 for parsing independent of WebKit also start using this function, which can cause load failures depending on the libxml2 API used. One example API method that's affected is xmlCtxtReadFile(), which calls xmlLoadExternalEntity() to load the file. 2030098 2 ddkilzer 2024-04-21 10:08:53 -0700 Pull request: https://github.com/WebKit/WebKit/pull/27562 2032221 3 ews-feeder 2024-04-30 08:20:32 -0700 Committed 278168@main (7b1fb05b974f): <https://commits.webkit.org/278168@main> Reviewed commits have been landed. Closing PR #27562 and removing active labels. 2032493 4 ews-feeder 2024-05-01 09:04:09 -0700 Committed 272448.976@safari-7618-branch (27da22ef6db2): <https://commits.webkit.org/272448.976@safari-7618-branch> Reviewed commits have been landed. Closing PR #1245 and removing active labels.