Changeset 148144 in webkit


Ignore:
Timestamp:
Apr 10, 2013, 3:45:35 PM (12 years ago)
Author:
ap@apple.com
Message:

<rdar://problem/13047266> External XML entities are not loaded with modern libxml2
https://bugs.webkit.org/show_bug.cgi?id=114377

Reviewed by Darin Adler.

Covered by http/tests/security/xss-DENIED-xml-external-entity.xhtml when using
new enough libxml2.

  • xml/parser/XMLDocumentParserLibxml2.cpp: (WebCore::switchToUTF16): Added a FIXME with an idea for improvement. (WebCore::XMLParserContext::createStringParser): Apply XML_PARSE_NOENT in a non-hacky way, so that the new libxml2 check doesn't fail. (WebCore::XMLParserContext::createMemoryParser): Updated an unhelpful and incorrect comment (XML_PARSE_NODICT actually means "Do not reuse the context dictionary").
Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r148140 r148144  
     12013-04-10  Alexey Proskuryakov  <ap@apple.com>
     2
     3        <rdar://problem/13047266> External XML entities are not loaded with modern libxml2
     4        https://bugs.webkit.org/show_bug.cgi?id=114377
     5
     6        Reviewed by Darin Adler.
     7
     8        Covered by http/tests/security/xss-DENIED-xml-external-entity.xhtml when using
     9        new enough libxml2.
     10
     11        * xml/parser/XMLDocumentParserLibxml2.cpp:
     12        (WebCore::switchToUTF16): Added a FIXME with an idea for improvement.
     13        (WebCore::XMLParserContext::createStringParser): Apply XML_PARSE_NOENT in a non-hacky
     14        way, so that the new libxml2 check doesn't fail.
     15        (WebCore::XMLParserContext::createMemoryParser): Updated an unhelpful and incorrect
     16        comment (XML_PARSE_NODICT actually means "Do not reuse the context dictionary").
     17
    1182013-04-10  Eric Carlson  <eric.carlson@apple.com>
    219

  • trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp

    r147281 r148144  
    381381    // will detect <?xml version="1.0" encoding="<encoding name>"?> blocks
    382382    // and switch encodings, causing the parse to fail.
     383
     384    // FIXME: Can we just use XML_PARSE_IGNORE_ENC now?
     385
    383386    const UChar BOM = 0xFEFF;
    384387    const unsigned char BOMHighByte = *reinterpret_cast<const unsigned char*>(&BOM);
     
    500503    xmlParserCtxtPtr parser = xmlCreatePushParserCtxt(handlers, 0, 0, 0, 0);
    501504    parser->_private = userData;
    502     parser->replaceEntities = true;
     505
     506    // Substitute entities.
     507    xmlCtxtUseOptions(parser, XML_PARSE_NOENT);
     508
    503509    switchToUTF16(parser);
    504510
     
    524530        return 0;
    525531
    526     // Copy the sax handler
    527532    memcpy(parser->sax, handlers, sizeof(xmlSAXHandler));
    528533
    529     // Set parser options.
    530     // XML_PARSE_NODICT: default dictionary option.
    531     // XML_PARSE_NOENT: force entities substitutions.
     534    // Substitute entities.
     535    // FIXME: Why is XML_PARSE_NODICT needed? This is different from what createStringParser does.
    532536    xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT);
    533537
Note: See TracChangeset for help on using the changeset viewer.