Bug 273045
| Summary: | [WK1] WebKit XML parsing can deny external entity loads from other in-process libxml2 clients | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | XML | Assignee: | David Kilzer (:ddkilzer) <ddkilzer> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 259235 | ||
| Bug Blocks: | 273553 | ||
David Kilzer (:ddkilzer)
WebKit XML parsing can deny external entity loads from other libxml2 clients.
Caused by:
Check if external entity loads from libxslt are allowed before loading them
<https://bugs.webkit.org/show_bug.cgi?id=259235>
<rdar://111457167>
<https://commits.webkit.org/269108@main>
<rdar://126476952>
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
David Kilzer (:ddkilzer)
The fix for Bug 259235 replaced the default libxml2 external entity loader function with one from WebKit that implements the same-origin policy, but that means that WebKit1 clients that use libxml2 for parsing independent of WebKit also start using this function, which can cause load failures depending on the libxml2 API used.
One example API method that's affected is xmlCtxtReadFile(), which calls xmlLoadExternalEntity() to load the file.
David Kilzer (:ddkilzer)
Pull request: https://github.com/WebKit/WebKit/pull/27562
EWS
Committed 278168@main (7b1fb05b974f): <https://commits.webkit.org/278168@main>
Reviewed commits have been landed. Closing PR #27562 and removing active labels.
EWS
Committed 272448.976@safari-7618-branch (27da22ef6db2): <https://commits.webkit.org/272448.976@safari-7618-branch>
Reviewed commits have been landed. Closing PR #1245 and removing active labels.