Bug 43093 - xsl transformation does not work locally (file://)
Summary: xsl transformation does not work locally (file://)
Alias: None
Product: WebKit
Classification: Unclassified
Component: XML
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2010-07-27 16:38 PDT by thomas.bartensud
Modified: 2010-08-09 00:47 PDT

test.xml and test.xsl for reproducing the bug. (456 bytes, application/x-gzip)
2010-07-27 16:40 PDT, thomas.bartensud

Description thomas.bartensud 2010-07-27 16:38:10 PDT
On loading a local xml file (file://.../test.xml), a referenced xsl stylesheet cannot be loaded.

Error on JavaScript Console: "Unsafe attempt to load URL file:///media/Datengrab/test.xsl from frame with URL file:///media/Datengrab/test.xml. Domains, protocols and ports must match."

If it's loaded from a web server the xsl file is loaded and transformation takes place correctly: http://adx.elektronengehirn.net/test/chrome-bug_local-xsl-transformation/test.xml

Steps to Reproduce:
Download attached files test.xml and test.xsl and save in same directory.
Load test.xml in Chromium (file://.../test.xml)

Expected Results:
Loading the referenced xsl file and transform the xml data to HTML.

Build Date & Platform: 
Chromium: 5.0.375.125 (Developer Build 53311) Ubuntu 10.04
WebKit: 533.4
User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4

I recognized this first in a Chromium version a few months ago.
This bug did not occur in certain older versions: 
- Iron 3.? under Windows 
- Iron 4.? under Ubuntu 9
Comment 1 thomas.bartensud 2010-07-27 16:40:31 PDT
Created attachment 62769
test.xml and test.xsl for reproducing the bug.
Comment 2 Alexey Proskuryakov 2010-08-02 12:42:09 PDT
I think that it's intentional in some ports of WebKit that file:// documents cannot load resources from file:// (as a defense from malicious code that users saved to local files from the Web). It might have been driven primarily by a desire to limit XMLHttpRequest, but XSLT is not all that different.
Comment 3 Adam Barth 2010-08-02 14:14:20 PDT
Thanks for the report.  You're running into this issue:


This is a non-standard setting that Chrome uses for WebKit to mitigate some attacks from malicious local files.  You might want to post this information to that bug so that the folks working on a solution take your perspective into account.
Comment 4 Adam Barth 2010-08-02 14:15:08 PDT
Actually, I see that that bug has been locked for comments.  I'll add the information to the bug for you.
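
A simplified model of the check behind the console error quoted in the description, added here as an illustration; it is not WebKit or Chromium code. The function names and the `uniqueFileOrigins` flag are hypothetical stand-ins for the port-specific setting mentioned in comment 3, and the stylesheet name on the web server is assumed to be `test.xsl` as in the attachment.

```javascript
// Model of "Domains, protocols and ports must match" applied to an
// <?xml-stylesheet?> reference, with a switch for how file:// is treated.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (protocol, host, port) triple the error message names.
function originOf(urlString) {
  const u = new URL(urlString);
  return {
    protocol: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// documentUrl: the XML document being rendered.
// stylesheetHref: the href from its stylesheet processing instruction.
// policy.uniqueFileOrigins (hypothetical flag): true models the strict
// behaviour in the report, false models ports that let local files read
// each other.
function canLoadStylesheet(documentUrl, stylesheetHref, policy) {
  const resolved = new URL(stylesheetHref, documentUrl).href;
  const doc = originOf(documentUrl);
  const xsl = originOf(resolved);

  if (doc.protocol === "file:" || xsl.protocol === "file:") {
    // Strict: a local file is its own origin, so a saved document
    // cannot pull in any other local file.
    if (policy.uniqueFileOrigins) return false;
    // Lenient: all file:// URLs share one origin.
    return doc.protocol === xsl.protocol;
  }
  return (
    doc.protocol === xsl.protocol &&
    doc.host === xsl.host &&
    doc.port === xsl.port
  );
}

// URLs taken from the report; the relative href is an assumption.
const LOCAL_DOC = "file:///media/Datengrab/test.xml";
const WEB_DOC =
  "http://adx.elektronengehirn.net/test/chrome-bug_local-xsl-transformation/test.xml";

console.log(canLoadStylesheet(LOCAL_DOC, "test.xsl", { uniqueFileOrigins: true }));
console.log(canLoadStylesheet(LOCAL_DOC, "test.xsl", { uniqueFileOrigins: false }));
console.log(canLoadStylesheet(WEB_DOC, "test.xsl", { uniqueFileOrigins: true }));
```

Under the strict setting the local pair is refused while the same pair served over HTTP passes, which matches the behaviour described in the report.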