114377 – External XML entities are not loaded with modern libxml2

RESOLVED FIXED Bug 114377

External XML entities are not loaded with modern libxml2

https://bugs.webkit.org/show_bug.cgi?id=114377

Summary External XML entities are not loaded with modern libxml2

Alexey Proskuryakov

Reported 2013-04-10 13:09:07 PDT

With ToT libxml2, I'm seeing http/tests/security/xss-DENIED-xml-external-entity.xhtml fail because it doesn't even attempt to load the file, and thus doesn't generate a failure message. <rdar://problem/13047266>

Attachments
proposed fix (2.69 KB, patch) 2013-04-10 13:18 PDT, Alexey Proskuryakov	darin: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2013-04-10 13:09:42 PDT

The change in behavior was <https://git.gnome.org/browse/libxml2/commit/?id=4629ee02>.

Alexey Proskuryakov

Comment 2 2013-04-10 13:18:35 PDT

Created attachment 197394 [details] proposed fix There are many differences between createStringParser and createMemoryParser. I'm only fixing one, because I don't know if any of the other differences are intentional. Notably, I'm not adding XML_PARSE_NODICT - I checked the history, and I couldn't find the reason why createMemoryParser uses it.

Darin Adler

Comment 3 2013-04-10 13:24:21 PDT

Comment on attachment 197394 [details] proposed fix View in context: https://bugs.webkit.org/attachment.cgi?id=197394&action=review > Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:506 > + xmlCtxtUseOptions(parser, XML_PARSE_NOENT); It might be nice to have a comment explaining why this is the right option to use. > Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:531 > // Copy the sax handler Wow, lame comment. > Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:534 > xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT); It might still be nice to have a comment explaining why these are the right options to use.

Alexey Proskuryakov

Comment 4 2013-04-10 15:44:59 PDT

Committed <http://trac.webkit.org/r148144>. I changed comments a little, but I don't understand this code enough to explain everything about it.

Zan Dobersek

Comment 5 2013-06-03 12:37:53 PDT

*** Bug 104680 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component XML

Assignee

Alexey Proskuryakov

Reported

2013-04-10 13:09 PDT

Modified

2013-06-03 12:37 PDT History

CC List

2 users Show

URL

Keywords InRadar

Duplicates (1)

104680 View as bug list

Depends on

Blocks