RESOLVED FIXED273045
[WK1] WebKit XML parsing can deny external entity loads from other in-process libxml2 clients 
https://bugs.webkit.org/show_bug.cgi?id=273045
Summary [WK1] WebKit XML parsing can deny external entity loads from other in-process...
David Kilzer (:ddkilzer)
Reported 2024-04-21 09:51:09 PDT
WebKit XML parsing can deny external entity loads from other libxml2 clients. Caused by: Check if external entity loads from libxslt are allowed before loading them <https://bugs.webkit.org/show_bug.cgi?id=259235> <rdar://111457167> <https://commits.webkit.org/269108@main> <rdar://126476952>
Attachments
Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2024-04-21 09:56:58 PDT
The fix for Bug 259235 replaced the default libxml2 external entity loader function with one from WebKit that implements the same-origin policy, but that means that WebKit1 clients that use libxml2 for parsing independent of WebKit also start using this function, which can cause load failures depending on the libxml2 API used. One example API method that's affected is xmlCtxtReadFile(), which calls xmlLoadExternalEntity() to load the file.
David Kilzer (:ddkilzer)
Comment 2 2024-04-21 10:08:53 PDT
Pull request: https://github.com/WebKit/WebKit/pull/27562
EWS
Comment 3 2024-04-30 08:20:32 PDT
Committed 278168@main (7b1fb05b974f): <https://commits.webkit.org/278168@main> Reviewed commits have been landed. Closing PR #27562 and removing active labels.
EWS
Comment 4 2024-05-01 09:04:09 PDT
Committed 272448.976@safari-7618-branch (27da22ef6db2): <https://commits.webkit.org/272448.976@safari-7618-branch> Reviewed commits have been landed. Closing PR #1245 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.