Bug 191075

Summary: XSLTProcessor should limit max transform depth
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: XMLAssignee: David Kilzer (:ddkilzer) <ddkilzer>
Severity: Normal CC: achristensen, andersca, benjamin, bfulgham, cdumez, cmarcelo, commit-queue, dbates, ews-watchlist, rniwa, webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=67310
Description Flags
Patch v1
Patch v2 none

Description David Kilzer (:ddkilzer) 2018-10-30 12:38:09 PDT
XSLTProcessor should limit max transform depth to a reasonable amount.

The default for libxslt is currently 3000.

Comment 1 David Kilzer (:ddkilzer) 2018-10-30 12:46:24 PDT
Created attachment 353398 [details]
Patch v1
Comment 2 David Kilzer (:ddkilzer) 2018-10-30 12:59:17 PDT
(In reply to David Kilzer (:ddkilzer) from comment #1)
> Created attachment 353398 [details]
> Patch v1

Due to soft-linking, I'll need to modify the code to work with Apple platforms (using soft-linking) and non-Apple platforms without soft-linking.
Comment 3 David Kilzer (:ddkilzer) 2018-10-30 13:01:53 PDT
Created attachment 353399 [details]
Patch v2
Comment 4 WebKit Commit Bot 2018-10-30 20:36:40 PDT
Comment on attachment 353399 [details]
Patch v2

Clearing flags on attachment: 353399

Committed r237620: <https://trac.webkit.org/changeset/237620>
Comment 5 WebKit Commit Bot 2018-10-30 20:36:42 PDT
All reviewed patches have been landed.  Closing bug.