60175 2011-05-04 09:17:17 -0700 [Qt]http/tests/security/xss-DENIED-xsl-document.xml fails with Qt >= 4.8 2014-02-01 19:00:03 -0800 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) All All RESOLVED INVALID Qt, QtTriaged P2 Normal --- 79666 1 ossy webkit-unassigned ademar cmarcelo jwieczorek kling ossy robert oldest_to_newest 397957 0 ossy 2011-05-04 09:17:17 -0700 http/tests/security/xss-DENIED-xsl-document.xml fails with Qt 4.8 HEAD, but passes with released Qt 4.7.2 . --- /ramdisk/qt-linux-32-release-qt470/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt 2011-05-04 08:28:53.690215995 -0700 +++ /ramdisk/qt-linux-32-release-qt470/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt 2011-05-04 08:28:53.690215995 -0700 @@ -1,4 +1,4 @@ CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Cannot open /: Path is a directory</body></html> +CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Protocol "" is unknown</body></html> layer at (0,0) size 800x600 RenderView at (0,0) size 800x600 399448 1 ossy 2011-05-06 04:02:08 -0700 Could you guys take up this task (and https://bugs.webkit.org/show_bug.cgi?id=60176)? You must know much more about the differences between Qt 4.7 and Qt 4.8 than me. 4.8 bots (one for WebKit trunk, one for QtWebKit 2.2 branch )should be green to be able to catch new regressions. 401170 2 ossy 2011-05-10 06:52:13 -0700 Skipped by http://trac.webkit.org/changeset/86148 and http://trac.webkit.org/changeset/86149 401173 3 ossy 2011-05-10 06:58:48 -0700 I meant: http://trac.webkit.org/changeset/86148 http://trac.webkit.org/changeset/86149 http://trac.webkit.org/changeset/86150 405928 4 ademar 2011-05-18 12:10:28 -0700 No need to block qtwebkit-2.2 anymore, as XSLT is currently disabled in production branches (See bug 60824 for details). 411365 5 ossy 2011-05-27 05:46:48 -0700 Qt bug report filed about it: http://bugreports.qt.nokia.com/browse/QTBUG-19556 412378 6 robert 2011-05-30 15:09:23 -0700 *** Bug 52394 has been marked as a duplicate of this bug. *** 412380 7 robert 2011-05-30 15:15:18 -0700 Ends with: ASSERT failure in QUrl QPatternist::ReportContext::resolveURI(const QUrl&, const QUrl&) const: "The QAbstractUriResolver must return an absolute URI.", file environment/qreportcontext.cpp, line 472 See also: https://bugs.webkit.org/show_bug.cgi?id=33423 It looks like returning a QUrl() for cross-origin requests in: QUrl XSLTUriResolver::resolve(const QUrl& relative, const QUrl& baseURI) const { QUrl url = baseURI.resolved(relative); if (!m_document->frame() || !m_document->securityOrigin()->canRequest(url)) return QUrl(); return url; } now triggers an assert in this in qreportcontext.cpp in Qt: QUrl ReportContext::resolveURI(const QUrl &relative, const QUrl &baseURI) const { Q_ASSERT_X(!baseURI.isRelative(), Q_FUNC_INFO, "The base URI passed from the engine wasn't absolute."); const QAbstractUriResolver *const resolver(uriResolver()); if(resolver) { const QUrl final(resolver->resolve(relative, baseURI)); Q_ASSERT_X(final.isValid() || final.isEmpty(), Q_FUNC_INFO, "The QAbstractUriResolver must return a valid URI."); Q_ASSERT_X(!final.isRelative(), Q_FUNC_INFO, "The QAbstractUriResolver must return an absolute URI."); return final; } else return baseURI.resolved(relative); } 412485 8 jwieczorek 2011-05-31 00:42:24 -0700 I suspect it's a change in QUrl that's causing this assert. Anyway, as the code is not shipping and there does not seem to be any chance the XSLT support will improve in the near future (per http://labs.qt.nokia.com/2011/05/12/qt-modules-maturity-level-the-list/, which renders the whole module "Done", which means no new features as I understand it) as well as the API is not really well suited for the integration in QtWebKit (of which this bug is an example of), I suggest simply ditching this. 437091 9 ossy 2011-07-14 08:00:10 -0700 This bug is still valid, it wasn't fixed in http://bugreports.qt.nokia.com/browse/QTBUG-19556 ... 541316 10 ossy 2012-01-24 07:25:22 -0800 The bug is still vaild with Qt 4.8.0 and the recent Qt5 too. 627626 11 ossy 2012-05-18 06:22:49 -0700 Still valid bug with Qt 4.8 and Qt 5. Qt 4.8 fail: --- /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt +++ /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt @@ -1,4 +1,4 @@ CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Cannot open /: Path is a directory</body></html> +CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Protocol "" is unknown</body></html> layer at (0,0) size 800x600 RenderView at (0,0) size 800x600 Qt 5 fail: --- /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt +++ /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt @@ -1,4 +1,4 @@ CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Cannot open /: Path is a directory</body></html> +CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Protocol "" is unknown</body></html> layer at (0,0) size 800x600 RenderView at (0,0) size 800x600 627628 12 ossy 2012-05-18 06:26:12 -0700 Qt5 fail: (in the previous comment it was copy/paste error) --- /mnt/raptor1/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt +++ /mnt/raptor1/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt @@ -1,4 +1,3 @@ -CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body>Cannot open /: Path is a directory</body></html> -layer at (0,0) size 800x600 - RenderView at (0,0) size 800x600 +CONSOLE MESSAGE: Unsafe attempt to load URL http://localhost:8000/security/resources/target.xml from frame with URL http://127.0.0.1:8000/security/xss-DENIED-xsl-document.xml. Domains, protocols and ports must match. + +This test includes content via a cross-origin document() command. It passes if the load fails and thus there is no text below this line. 737560 13 ossy 2012-10-09 02:03:49 -0700 This bug is still valid. 772781 14 ossy 2012-11-21 03:59:12 -0800 still valid