Bug 104680

Summary: [libxml2] String parser contexts are not using necessary options
Product: WebKit Reporter: Zan Dobersek <zan>
Component: XMLAssignee: Zan Dobersek <zan>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: ap, mrowe
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Provisional patch
none
Patch ap: review-

Zan Dobersek
Reported 2012-12-11 09:38:44 PST
Compared to fragment parser contexts, they're not given any options, causing specific tests to fail.
Attachments
Provisional patch (786 bytes, patch)
2012-12-11 09:39 PST, Zan Dobersek 		no flags
DetailsFormatted DiffDiff
Patch (2.27 KB, patch)
2012-12-28 08:55 PST, Zan Dobersek 		ap: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Zan Dobersek
Comment 1 2012-12-11 09:39:22 PST
Created attachment 178820 [details] Provisional patch
Zan Dobersek
Comment 2 2012-12-28 08:55:46 PST
Created attachment 180880 [details] Patch
Alexey Proskuryakov
Comment 3 2012-12-31 18:59:01 PST
Comment on attachment 180880 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=180880&action=review > Source/WebCore/ChangeLog:13 > + forces the parsed entities to be loaded. This is done only if Libxml2 version used is at This is a bit misleading - the check is based on version of headers, and is not a runtime one. That's probably OK, but does not match ChangeLog. > Source/WebCore/ChangeLog:14 > + least 2.9.0, otherwise the previous option setting behavior is retained. What is the reason to not do this unconditionally?
Zan Dobersek
Comment 4 2013-01-01 01:28:28 PST
Comment on attachment 180880 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=180880&action=review >> Source/WebCore/ChangeLog:14 >> + least 2.9.0, otherwise the previous option setting behavior is retained. > > What is the reason to not do this unconditionally? The intention here is to preserve current behavior when using pre-2.9.0 libxml2 version. For instance, I don't know what version of libxml2 the Mac port uses and I'd hate to possibly break the behavior. Though, I can tell that in the current code `parser->replaceEntities = true` is also set when xmlCtxtUseOptions is called with the XML_PARSE_NOENT option so the check could perhaps just be removed and xmlCtxtUseOptions call would do that work instead.
Alexey Proskuryakov
Comment 5 2013-06-03 10:15:29 PDT
Has <http://trac.webkit.org/changeset/148144> taken care of this? That patch is somewhat different, so I'm not quite sure.
Alexey Proskuryakov
Comment 6 2013-06-03 10:17:28 PDT
Comment on attachment 180880 [details] Patch r- since this patch doesn't apply cleanly any more. Please post an updated version if XML_PARSE_DTDVALID is needed with libxml2 2.9.0. If XML_PARSE_NODICT is also needed, it's probably better to add it in a separate patch with a regression test.
Zan Dobersek
Comment 7 2013-06-03 12:37:53 PDT
(In reply to comment #5) > Has <http://trac.webkit.org/changeset/148144> taken care of this? That patch is somewhat different, so I'm not quite sure. Possibly. Don't have any definitive data, but the http/tests/security/xss-DENIED-xml-external-entity.xhtml layout test is passing at the moment and has been passing for some time now. That failure was the reason behind this bug report and patch, so I think this is safe to mark as a duplicate. *** This bug has been marked as a duplicate of bug 114377 ***
Note You need to log in before you can comment on or make changes to this bug.