Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 66338748251c4f55d2b29e32e4851add3ed40f0e
https://github.com/WebKit/WebKit/commit/66338748251c4f55d2b29e32e4851add3ed40f0e
Author: David Kilzer <ddkil...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  R LayoutTests/http/tests/security/resources/xslt-external-entity.svg
  R LayoutTests/http/tests/security/resources/xslt2.py
  A LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.py
  A LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.svg
  A LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.xml
  A LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.py
  A LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.svg
  R LayoutTests/http/tests/security/xslt-external-entity-expected.txt
  R LayoutTests/http/tests/security/xslt-external-entity.html
  A LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader-expected.txt
  A LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html
  A LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt
  A LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html
  R LayoutTests/platform/mac-monterey/http/tests/security/xslt-external-entity-expected.txt
  A LayoutTests/platform/mac-monterey/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt
  M Source/WebCore/xml/XSLTProcessorLibxslt.cpp
  M Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp

Log Message:
-----------
REGRESSION (269108@main): Same-origin XSLT document() loads fail
https://bugs.webkit.org/show_bug.cgi?id=273106
<rdar://126897034>

Reviewed by Alex Christensen.

Prior to this change, all external entity loads using docLoaderFunc() in XSLTProcessorLibxslt.cpp would fail in shouldAllowExternalLoad() because XMLDocumentParserScope::currentCachedResourceLoader was nullptr. This caused both cross-origin loads and same-origin loads to fail.

The fix is to make use of XMLDocumentParserScope in docLoaderFunc() to set XMLDocumentParserScope::currentCachedResourceLoader so that the same-origin policy is applied.

We keep the check added to shouldAllowExternalLoad() from 269108@main in case a load is initiated without using XMLDocumentParserScope, and this change adds a Debug assert to catch those cases before the load fails.

Tests: http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html
       http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html

* LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.py: Add.
* LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.svg: Copy from LayoutTests/http/tests/security/resources/xslt-external-entity.svg.
* LayoutTests/http/tests/security/resources/xss-ALLOWED-xsl-external-entity-xslt-docloader.xml: Add.
* LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.py: Rename from LayoutTests/http/tests/security/resources/xslt2.py.
* LayoutTests/http/tests/security/resources/xss-DENIED-xsl-external-entity-xslt-docloader.svg: Rename from LayoutTests/http/tests/security/resources/xslt-external-entity.svg.
* LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader-expected.txt: Add.
* LayoutTests/http/tests/security/xss-ALLOWED-xsl-external-entity-xslt-docloader.html: Copy from LayoutTests/http/tests/security/xslt-external-entity.html.
* LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt: Rename from LayoutTests/http/tests/security/xslt-external-entity-expected.txt.
- Update results with denied console messages. This change is the result of the bug fix.
* LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader.html: Rename from LayoutTests/http/tests/security/xslt-external-entity.html.
- Add xss-ALLOWED-xsl-external-entity-xslt-docloader.html to test the same-origin case. This test failed before this fix.
- Rename http/tests/security/xslt-external-entity.html to xss-DENIED-xsl-external-entity-xslt-docloader.html to match similar test cases.
* LayoutTests/platform/mac-monterey/http/tests/security/xss-DENIED-xsl-external-entity-xslt-docloader-expected.txt: Rename from LayoutTests/platform/mac-monterey/http/tests/security/xslt-external-entity-expected.txt.
- Update results with denied console messages. This change is the result of the bug fix.

* Source/WebCore/xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
- Make use of WebCore::XMLDocumentParserScope to fix the bug.
* Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::shouldAllowExternalLoad):
- Add Debug assert to catch failures where XMLDocumentParserScope is missing, or a non-WebKit, in-process libxml2 load occurs.

Canonical link: https://commits.webkit.org/277924@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
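
Added example, not part of the commit and not WebKit's code: a minimal C++ model of the interaction the log message describes, where a fail-closed load check consults a scoped "current loader" and a callback that never installs the scope has every load denied, same-origin included. All names (Loader, ParserScope, shouldAllowLoad, docLoadWithScope) and the sample URLs are hypothetical stand-ins.

```cpp
// Simplified model of the scope/check interaction; every name here is hypothetical, not WebKit's.
#include <cstdio>
#include <string>

struct Loader { std::string origin; };                // loader tied to the requesting document's origin
thread_local const Loader* g_currentLoader = nullptr; // what the load check consults

// RAII scope: publishes the loader while a load runs and restores the previous one on exit.
class ParserScope {
public:
    explicit ParserScope(const Loader* loader) : m_previous(g_currentLoader) { g_currentLoader = loader; }
    ~ParserScope() { g_currentLoader = m_previous; }
    ParserScope(const ParserScope&) = delete;
    ParserScope& operator=(const ParserScope&) = delete;
private:
    const Loader* m_previous;
};

// Extracts "scheme://host[:port]"; no case or default-port normalisation (model only).
static std::string originOf(const std::string& url) {
    auto schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos) return {};
    return url.substr(0, url.find_first_of("/?#", schemeEnd + 3));
}

// Fails closed: with no loader in scope there is no origin to compare against, so deny.
bool shouldAllowLoad(const std::string& url) {
    if (!g_currentLoader) return false;
    std::string origin = originOf(url);
    return !origin.empty() && origin == g_currentLoader->origin;
}

// Before the fix: the callback reaches the check with no scope, so every load is denied.
bool docLoadWithoutScope(const Loader&, const std::string& url) { return shouldAllowLoad(url); }

// After the fix: the callback installs the scope first, so the same-origin policy is applied.
bool docLoadWithScope(const Loader& loader, const std::string& url) {
    ParserScope scope(&loader);
    return shouldAllowLoad(url);
}

int main() {
    Loader doc{"http://127.0.0.1:8000"}; // constructed sample origin and URLs
    const std::string same = "http://127.0.0.1:8000/resources/data.xml";
    const std::string cross = "http://localhost:8000/resources/data.xml";
    std::printf("no scope, same-origin:  %d\n", docLoadWithoutScope(doc, same));
    std::printf("scope, same-origin:     %d\n", docLoadWithScope(doc, same));
    std::printf("scope, cross-origin:    %d\n", docLoadWithScope(doc, cross));
    return 0;
}
```

The model keeps the deny-by-default branch for a missing scope, which is the behaviour the commit retains and pairs with a Debug assert.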