[Webkit-unassigned] [Bug 103902] xml-stylesheet XSL is not requested with JavaScript disabled
bugzilla-daemon at webkit.org
Mon Jan 21 12:24:01 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=103902
Vivek Galatage <vivekg at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abarth at webkit.org,
| |eric at webkit.org,
| |vivekg at webkit.org
--- Comment #4 from Vivek Galatage <vivekg at webkit.org> 2013-01-21 12:25:52 PST ---
I am investigating this issue and found that the CachedResourceLoader::canRequest() method has a follow through for the CachedResource::XSLStyleSheet type onto CachedResource::Script in the switch case. But I guess it's a side effect of the switch follow through that the XSLT is also blocked when JavaScript is blocked.
The XSLT style sheet is made in sync with Script as per [1]. But as can be seen in the attached patch [2], no check existed for script being enabled/disabled, whereas the latest code [3] has this check, and I think because of this check the transformation is not completed when JavaScript is disabled.
I would be glad to receive input about the findings above, and if these assumptions are correct, then we can have the switch case for XSLStyleSheet as:
    switch (type) {
#if ENABLE(XSLT)
    case CachedResource::XSLStyleSheet:
        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowStyleFromSource(url))
            return false;
        break;
#endif
    ...
    }
The above fix works fine and the transformation is successful when JavaScript is blocked. But I am unaware of any security holes this might open up. Hence I am requesting feedback.
Also, I need to add the test case(s) depicting the above scenario. I will add all of these soon in a separate patch.
Thank you.
[1] https://bugs.webkit.org/show_bug.cgi?id=63637
[2] https://bugs.webkit.org/attachment.cgi?id=110889&action=review
[3] http://trac.webkit.org/browser/trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp#L362
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
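Added example (not part of the original comment and not WebKit source): a simplified model of the switch in comment #4, comparing the fall-through behaviour with the proposed separate XSLStyleSheet case. The Policy struct, the function names and the script-source check in the Script case are assumptions made for illustration.

```cpp
// Simplified model of the check discussed in the comment; not WebKit source.
#include <cstdio>
enum class ResourceType { Script, XSLStyleSheet };

// Hypothetical stand-in for the per-URL policy answers and the script setting.
struct Policy {
    bool scriptSourceAllowed; // assumed: source check made in the Script case
    bool styleSourceAllowed;  // allowStyleFromSource(url) in the proposed case
    bool scriptEnabled;       // the "JavaScript enabled" setting
};

// Behaviour described in the comment: XSLStyleSheet falls through into the
// Script case and so inherits the script-enabled check.
bool canRequestFallThrough(ResourceType type, const Policy& p) {
    switch (type) {
    case ResourceType::XSLStyleSheet: // no break: falls through
    case ResourceType::Script:
        if (!p.scriptSourceAllowed || !p.scriptEnabled)
            return false;
        break;
    }
    return true;
}

// Proposed switch: XSLStyleSheet gets its own case, checked as style only.
bool canRequestProposed(ResourceType type, const Policy& p) {
    switch (type) {
    case ResourceType::XSLStyleSheet:
        if (!p.styleSourceAllowed)
            return false;
        break;
    case ResourceType::Script:
        if (!p.scriptSourceAllowed || !p.scriptEnabled)
            return false;
        break;
    }
    return true;
}

// Print every policy combination where the two versions disagree for XSL.
int main() {
    for (int i = 0; i < 8; ++i) {
        Policy p{(i & 4) != 0, (i & 2) != 0, (i & 1) != 0};
        bool before = canRequestFallThrough(ResourceType::XSLStyleSheet, p);
        bool after = canRequestProposed(ResourceType::XSLStyleSheet, p);
        if (before != after)
            std::printf("scriptOK=%d styleOK=%d js=%d: %d -> %d\n", p.scriptSourceAllowed, p.styleSourceAllowed, p.scriptEnabled, before, after);
    }
}
```

The rows printed are the cases a reviewer of the proposed change has to decide on: in this model the XSL request no longer depends on the script setting, and its source is judged by the style check instead of the script check.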