RESOLVED INVALID60175
[Qt]http/tests/security/xss-DENIED-xsl-document.xml fails with Qt >= 4.8
https://bugs.webkit.org/show_bug.cgi?id=60175
Summary [Qt]http/tests/security/xss-DENIED-xsl-document.xml fails with Qt >= 4.8
Csaba Osztrogonác
Reported 2011-05-04 09:17:17 PDT
http/tests/security/xss-DENIED-xsl-document.xml fails with Qt 4.8 HEAD, but passes with released Qt 4.7.2 . --- /ramdisk/qt-linux-32-release-qt470/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt 2011-05-04 08:28:53.690215995 -0700 +++ /ramdisk/qt-linux-32-release-qt470/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt 2011-05-04 08:28:53.690215995 -0700 @@ -1,4 +1,4 @@ CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</p></body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Cannot open /: Path is a directory</p></body></html> +CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Protocol &quot;&quot; is unknown</p></body></html> layer at (0,0) size 800x600 RenderView at (0,0) size 800x600
Attachments
Csaba Osztrogonác
Comment 1 2011-05-06 04:02:08 PDT
Could you guys take up this task (and https://bugs.webkit.org/show_bug.cgi?id=60176)? You must know much more about the differences between Qt 4.7 and Qt 4.8 than me. 4.8 bots (one for WebKit trunk, one for QtWebKit 2.2 branch )should be green to be able to catch new regressions.
Csaba Osztrogonác
Comment 2 2011-05-10 06:52:13 PDT
Ademar Reis
Comment 4 2011-05-18 12:10:28 PDT
No need to block qtwebkit-2.2 anymore, as XSLT is currently disabled in production branches (See bug 60824 for details).
Csaba Osztrogonác
Comment 5 2011-05-27 05:46:48 PDT
Robert Hogan
Comment 6 2011-05-30 15:09:23 PDT
*** Bug 52394 has been marked as a duplicate of this bug. ***
Robert Hogan
Comment 7 2011-05-30 15:15:18 PDT
Ends with: ASSERT failure in QUrl QPatternist::ReportContext::resolveURI(const QUrl&, const QUrl&) const: "The QAbstractUriResolver must return an absolute URI.", file environment/qreportcontext.cpp, line 472 See also: https://bugs.webkit.org/show_bug.cgi?id=33423 It looks like returning a QUrl() for cross-origin requests in: QUrl XSLTUriResolver::resolve(const QUrl& relative, const QUrl& baseURI) const { QUrl url = baseURI.resolved(relative); if (!m_document->frame() || !m_document->securityOrigin()->canRequest(url)) return QUrl(); return url; } now triggers an assert in this in qreportcontext.cpp in Qt: QUrl ReportContext::resolveURI(const QUrl &relative, const QUrl &baseURI) const { Q_ASSERT_X(!baseURI.isRelative(), Q_FUNC_INFO, "The base URI passed from the engine wasn't absolute."); const QAbstractUriResolver *const resolver(uriResolver()); if(resolver) { const QUrl final(resolver->resolve(relative, baseURI)); Q_ASSERT_X(final.isValid() || final.isEmpty(), Q_FUNC_INFO, "The QAbstractUriResolver must return a valid URI."); Q_ASSERT_X(!final.isRelative(), Q_FUNC_INFO, "The QAbstractUriResolver must return an absolute URI."); return final; } else return baseURI.resolved(relative); }
Jakub Wieczorek
Comment 8 2011-05-31 00:42:24 PDT
I suspect it's a change in QUrl that's causing this assert. Anyway, as the code is not shipping and there does not seem to be any chance the XSLT support will improve in the near future (per http://labs.qt.nokia.com/2011/05/12/qt-modules-maturity-level-the-list/, which renders the whole module "Done", which means no new features as I understand it) as well as the API is not really well suited for the integration in QtWebKit (of which this bug is an example of), I suggest simply ditching this.
Csaba Osztrogonác
Comment 9 2011-07-14 08:00:10 PDT
This bug is still valid, it wasn't fixed in http://bugreports.qt.nokia.com/browse/QTBUG-19556 ...
Csaba Osztrogonác
Comment 10 2012-01-24 07:25:22 PST
The bug is still vaild with Qt 4.8.0 and the recent Qt5 too.
Csaba Osztrogonác
Comment 11 2012-05-18 06:22:49 PDT
Still valid bug with Qt 4.8 and Qt 5. Qt 4.8 fail: --- /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt +++ /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt @@ -1,4 +1,4 @@ CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</p></body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Cannot open /: Path is a directory</p></body></html> +CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Protocol &quot;&quot; is unknown</p></body></html> layer at (0,0) size 800x600 RenderView at (0,0) size 800x600 Qt 5 fail: --- /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt +++ /home/oszi/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt @@ -1,4 +1,4 @@ CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</p></body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Cannot open /: Path is a directory</p></body></html> +CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Protocol &quot;&quot; is unknown</p></body></html> layer at (0,0) size 800x600 RenderView at (0,0) size 800x600
Csaba Osztrogonác
Comment 12 2012-05-18 06:26:12 PDT
Qt5 fail: (in the previous comment it was copy/paste error) --- /mnt/raptor1/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-expected.txt +++ /mnt/raptor1/WebKit/WebKitBuild/Release/layout-test-results/http/tests/security/xss-DENIED-xsl-document-actual.txt @@ -1,4 +1,3 @@ -CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</p></body></html> -CONSOLE MESSAGE: line -1: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Cannot open /: Path is a directory</p></body></html> -layer at (0,0) size 800x600 - RenderView at (0,0) size 800x600 +CONSOLE MESSAGE: Unsafe attempt to load URL http://localhost:8000/security/resources/target.xml from frame with URL http://127.0.0.1:8000/security/xss-DENIED-xsl-document.xml. Domains, protocols and ports must match. + +This test includes content via a cross-origin document() command. It passes if the load fails and thus there is no text below this line.
Csaba Osztrogonác
Comment 13 2012-10-09 02:03:49 PDT
This bug is still valid.
Csaba Osztrogonác
Comment 14 2012-11-21 03:59:12 PST
still valid
Note You need to log in before you can comment on or make changes to this bug.