With ToT libxml2, I'm seeing http/tests/security/xss-DENIED-xml-external-entity.xhtml fail because it doesn't even attempt to load the file, and thus doesn't generate a failure message.
The change in behavior was <https://git.gnome.org/browse/libxml2/commit/?id=4629ee02>.
Created attachment 197394
There are many differences between createStringParser and createMemoryParser. I'm only fixing one, because I don't know if any of the other differences are intentional.
Notably, I'm not adding XML_PARSE_NODICT - I checked the history, and I couldn't find the reason why createMemoryParser uses it.
Comment on attachment 197394
> + xmlCtxtUseOptions(parser, XML_PARSE_NOENT);
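Review bot: the added xmlCtxtUseOptions(parser, XML_PARSE_NOENT) line needs a comment that states the security consequence of the flag, not only that it matches createMemoryParser. XML_PARSE_NOENT makes libxml2 substitute entities, so external entity references in string-parsed documents get resolved through the loader installed for this context. The comment should say that the load has to be attempted so that it can be checked and denied, which is the failure message http/tests/security/xss-DENIED-xml-external-entity.xhtml expects.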
It might be nice to have a comment explaining why this is the right option to use.
> // Copy the sax handler
Wow, lame comment.
> xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT);
It might still be nice to have a comment explaining why these are the right options to use.
Committed <http://trac.webkit.org/r148144>. I changed comments a little, but I don't understand this code enough to explain everything about it.
*** Bug 104680 has been marked as a duplicate of this bug. ***