Bug 43093

Summary: xsl transformation does not work locally (file://)
Product: WebKit Reporter: thomas.bartensud
Component: XMLAssignee: Nobody <webkit-unassigned>
Status: RESOLVED LATER    
Severity: Normal CC: abarth, ap, mike
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
test.xml and test.xsl for reproducing the bug. none

thomas.bartensud
Reported 2010-07-27 16:38:10 PDT
Overview: On loading a local xml file (file://.../test.xml), a refernced xsl stylesheet can not be loaded. Error on JavaScript Console: "Unsafe attempt to load URL file:///media/Datengrab/test.xsl from frame with URL file:///media/Datengrab/test.xml. Domains, protocols and ports must match." If it's loaded from a web server the xsl file is loaded and transformation takes place correctly: http://adx.elektronengehirn.net/test/chrome-bug_local-xsl-transformation/test.xml Steps to Reproduce: Download attached files test.xml and test.xsl and save in same directory. Load test.xml in Chromium (file://.../test.xml) Expected Results: Loading the referenced xsl file and transform the xml data to HTML. Build Date & Platform: Chromium: 5.0.375.125 (Developer Build 53311) Ubuntu 10.04 WebKit: 533.4 V8: 2.1.10.15 User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4 I recognized this first in an Chromium version a few months ago. This bug did not occur in certain older versions: - Iron 3.? under Windows - Iron 4.? under Ubuntu 9
Attachments
test.xml and test.xsl for reproducing the bug. (456 bytes, application/x-gzip)
2010-07-27 16:40 PDT, thomas.bartensud 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
thomas.bartensud
Comment 1 2010-07-27 16:40:31 PDT
Created attachment 62769 [details] test.xml and test.xsl for reproducing the bug.
Alexey Proskuryakov
Comment 2 2010-08-02 12:42:09 PDT
I think that it's intentional in some ports of WebKit that file:// documents cannot load resources from file:// (as a defense from malicious code that users saved to local files from the Web). It might have been driven primarily by a desire to limit XMLHttpRequest, but XSLT is not all that different.
Adam Barth
Comment 3 2010-08-02 14:14:20 PDT
Thanks for the report. You're running to this issue: http://code.google.com/p/chromium/issues/detail?id=47416 This is a non-standard setting that Chrome uses for WebKit to mitigate some attacks from malicious local files. You might want to post this information to that bug so that the folks working on a solution take your perspective into account.
Adam Barth
Comment 4 2010-08-02 14:15:08 PDT
Actually, i see that that bug has been locked for comments. I'll add the information to the bug for you.
Note You need to log in before you can comment on or make changes to this bug.