Bug 1539759 - improve DTD entity handling, r=peterv

Differential Revision: https://phabricator.services.mozilla.com/D27904 --HG-- extra : moz-landing-system : lando
2024-10-08 10:44:56 +00:00 · 2019-05-03 09:13:58 +00:00 · 2019-05-03 09:13:58 +00:00 · c1c14ab7ad
commit c1c14ab7ad
parent b0dd634187
4 changed files with 33 additions and 3 deletions
--- a/dom/base/test/browser_bug593387.js
+++ b/dom/base/test/browser_bug593387.js
@ -8,7 +8,7 @@

 add_task(async function test() {
  await BrowserTestUtils.withNewTab({ gBrowser,
-                                      url: "chrome://global/content/mozilla.xhtml" },
+                                      url: "chrome://global/content/aboutProfiles.xhtml" },
                                     async function(newBrowser) {
    // NB: We load the chrome:// page in the parent process.
    await testXFOFrameInChrome(newBrowser);
--- a/parser/expat/lib/xmlparse.c
+++ b/parser/expat/lib/xmlparse.c
@ -1765,6 +1765,8 @@ XML_SetAttlistDeclHandler(XML_Parser parser,
  if (parser != NULL)
    attlistDeclHandler = attdecl;
 }
+#endif
+/* END MOZILLA CHANGE */

 void XMLCALL
 XML_SetEntityDeclHandler(XML_Parser parser,
@ -1773,8 +1775,6 @@ XML_SetEntityDeclHandler(XML_Parser parser,
  if (parser != NULL)
    entityDeclHandler = handler;
 }
-#endif
-/* END MOZILLA CHANGE */

 void XMLCALL
 XML_SetXmlDeclHandler(XML_Parser parser,
--- a/parser/htmlparser/nsExpatDriver.cpp
+++ b/parser/htmlparser/nsExpatDriver.cpp
@ -154,6 +154,18 @@ static int Driver_HandleExternalEntityRef(void* aExternalEntityRefHandler,
                                         aPublicId);
 }

+static void Driver_HandleEntityDecl(
+    void* aUserData, const XML_Char* aEntityName, int aIsParameterEntity,
+    const XML_Char* aValue, int aValueLength, const XML_Char* aBase,
+    const XML_Char* aSystemId, const XML_Char* aPublicId,
+    const XML_Char* aNotationName) {
+  NS_ASSERTION(aUserData, "expat driver should exist");
+  if (aUserData) {
+    static_cast<nsExpatDriver*>(aUserData)->HandleEntityDecl(
+        aEntityName, aValue, aValueLength);
+  }
+}
+
 /***************************** END CALL BACKS ********************************/

 /***************************** CATALOG UTILS *********************************/
@ -474,6 +486,19 @@ nsresult nsExpatDriver::HandleEndDoctypeDecl() {
  return NS_OK;
 }

+void nsExpatDriver::HandleEntityDecl(const char16_t* aEntityName,
+                                     const char16_t* aEntityValue,
+                                     const uint32_t aLength) {
+  MOZ_ASSERT(
+      mInInternalSubset || mInExternalDTD,
+      "Should only see entity declarations in the internal subset or in DTDs");
+  auto charLength = aLength / sizeof(char16_t);
+  nsDependentSubstring entityVal(aEntityValue, charLength);
+  if (entityVal.FindChar('<') != -1) {
+    MaybeStopParser(NS_ERROR_UNEXPECTED);
+  }
+}
+
 static nsresult ExternalDTDStreamReaderFunc(nsIUnicharInputStream* aIn,
                                            void* aClosure,
                                            const char16_t* aFromSegment,
@ -1057,6 +1082,9 @@ nsExpatDriver::WillBuildModel(const CParserContext& aParserContext,

  XML_SetParamEntityParsing(mExpatParser,
                            XML_PARAM_ENTITY_PARSING_UNLESS_STANDALONE);
+  if (doc && doc->NodePrincipal()->IsSystemPrincipal()) {
+    XML_SetEntityDeclHandler(mExpatParser, Driver_HandleEntityDecl);
+  }
  XML_SetDoctypeDeclHandler(mExpatParser, Driver_HandleStartDoctypeDecl,
                            Driver_HandleEndDoctypeDecl);

--- a/parser/htmlparser/nsExpatDriver.h
+++ b/parser/htmlparser/nsExpatDriver.h
@ -49,6 +49,8 @@ class nsExpatDriver : public nsIDTD, public nsITokenizer {
                                  const char16_t* aPubid,
                                  bool aHasInternalSubset);
  nsresult HandleEndDoctypeDecl();
+  void HandleEntityDecl(const char16_t* aEntityName,
+                        const char16_t* aEntityValue, const uint32_t aLength);

 private:
  // Load up an external stream to get external entity information