[Webkit-unassigned] [Bug 103902] xml-stylesheet XSL is not requested with JavaScript disabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 21 12:24:01 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=103902


Vivek Galatage <vivekg at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |abarth at webkit.org,
                   |                            |eric at webkit.org,
                   |                            |vivekg at webkit.org
--- Comment #4 from Vivek Galatage <vivekg at webkit.org>  2013-01-21 12:25:52 PST ---
I am investigating this issue and found that the CachedResourceLoader::canRequest() method has a fall-through for the CachedResource::XSLStyleSheet type onto CachedResource::Script in the switch case. But I guess it's a side effect of the switch fall-through that the XSLT is also blocked when JavaScript is blocked.

The XSLT style sheet is made in sync with Script as per [1]. But as can be seen in the attached patch [2], there was no check for script being enabled/disabled. Whereas the latest code [3] has this check, and I think because of this check the transformation is not completed when JavaScript is disabled.

I would be glad to receive input about the findings above, and if these assumptions are correct, then we can have the switch case for XSLStyleSheet as:

    switch (type) {
#if ENABLE(XSLT)
    case CachedResource::XSLStyleSheet:
        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowStyleFromSource(url))
            return false;
        break;
#endif
    ...
    }

The above fix works fine and the transformation is successful when JavaScript is blocked. But I am unaware of any security holes this might open up. Hence I am requesting feedback.

Also I need to add the test case(s) depicting the above scenario. I will add all these soon in a separate patch.

Thank you.

[1] https://bugs.webkit.org/show_bug.cgi?id=63637
[2] https://bugs.webkit.org/attachment.cgi?id=110889&action=review
[3] http://trac.webkit.org/browser/trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp#L362
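As an added illustration (this is not WebKit's code and not part of the comment above), the following C++ model contrasts the two switch shapes the comment describes: XSLStyleSheet falling through into the Script checks versus XSLStyleSheet having its own case gated only on the style source policy. The ResourceType enum, the Policy struct and the host allow-lists are constructed stand-ins for WebKit's CachedResource types, the scripts-enabled setting and the ContentSecurityPolicy source checks; they are assumptions for the example, not the real API.

```cpp
#include <cstdio>
#include <set>
#include <string>

// Constructed model of the resource types involved (not WebKit's enum).
enum class ResourceType { Script, XSLStyleSheet, CSSStyleSheet };

// Constructed model of the state canRequest() consults: whether scripting is
// enabled, and which hosts the (modelled) script-src / style-src directives allow.
struct Policy {
    bool scriptsEnabled;
    std::set<std::string> scriptSources;
    std::set<std::string> styleSources;
};

static bool allowedFrom(const std::set<std::string>& sources, const std::string& host) {
    return sources.count(host) > 0;
}

// Shape the comment reports in the current code: XSLStyleSheet has no break and
// falls through into the Script case, so it inherits both the scripts-enabled
// gate and the script-source policy check.
bool canRequestFallthrough(ResourceType type, const std::string& host, const Policy& p) {
    switch (type) {
    case ResourceType::XSLStyleSheet:
        // no break here: falls through into Script on purpose
    case ResourceType::Script:
        if (!p.scriptsEnabled)
            return false;
        if (!allowedFrom(p.scriptSources, host))
            return false;
        break;
    case ResourceType::CSSStyleSheet:
        if (!allowedFrom(p.styleSources, host))
            return false;
        break;
    }
    return true;
}

// Shape the comment proposes: XSLStyleSheet gets its own case, checked only
// against the style-source policy and independent of the scripting setting.
bool canRequestSeparateCase(ResourceType type, const std::string& host, const Policy& p) {
    switch (type) {
    case ResourceType::XSLStyleSheet:
        if (!allowedFrom(p.styleSources, host))
            return false;
        break;
    case ResourceType::Script:
        if (!p.scriptsEnabled)
            return false;
        if (!allowedFrom(p.scriptSources, host))
            return false;
        break;
    case ResourceType::CSSStyleSheet:
        if (!allowedFrom(p.styleSources, host))
            return false;
        break;
    }
    return true;
}

int main() {
    // Constructed scenario: JavaScript disabled, same host allowed by both directives.
    Policy jsOff{false, {"cdn.example"}, {"cdn.example"}};
    std::printf("XSL with JS off, fallthrough: %d\n",
                canRequestFallthrough(ResourceType::XSLStyleSheet, "cdn.example", jsOff));
    std::printf("XSL with JS off, separate case: %d\n",
                canRequestSeparateCase(ResourceType::XSLStyleSheet, "cdn.example", jsOff));

    // Constructed scenario: JS enabled, host allowed for styles but not scripts.
    Policy split{true, {"scripts.example"}, {"styles.example"}};
    std::printf("XSL from style-only host, fallthrough: %d\n",
                canRequestFallthrough(ResourceType::XSLStyleSheet, "styles.example", split));
    std::printf("XSL from style-only host, separate case: %d\n",
                canRequestSeparateCase(ResourceType::XSLStyleSheet, "styles.example", split));
    return 0;
}
```

The first scenario reproduces the bug: with scripting disabled, the fall-through version refuses the XSL stylesheet while the separate case allows it. The second scenario is the part a reviewer would want to weigh before accepting the change: once XSLStyleSheet is gated by the style directive alone, a host permitted for styles but not for scripts can serve an XSL transform, so the policy question is whether XSLT should be governed by the style or the script source directive.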
