Closed Bug 1273282 Opened 4 years ago Closed 4 years ago

Fix handling of numeric entities in xml-stylesheet href values

Categories

(Core :: XML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla49
Tracking Status
firefox49 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

(Whiteboard: btpp-active)

Attachments

(1 file, 2 obsolete files)

nsContentUtils::GetPseudoAttributeValue is buggy in the case of a hex numeric entity: when the entity is "&#x41" it hands a string that looks like "#x41" to an API function that expects to be pointing to "&#x41".  This function skips the first two chars and then checks whether the next char is an 'x'.  If it is, it goes ahead and treats the bits after the 'x' as a hex number.  Otherwise it treats what it has as a decimal number.  So we end up with ')' instead of 'A'.

Similarly, "&#41" ends up being mishandled in a way I didn't track down entirely; it causes the whole thing to fail out.

Fix coming up.
Attachment #8753081 - Attachment is obsolete: true
Attachment #8753081 - Flags: review?(peterv)
Attachment #8753160 - Attachment is obsolete: true
Attachment #8753160 - Flags: review?(peterv)
Whiteboard: btpp-active
Comment on attachment 8753192 [details] [diff] [review]
Fix the handling of numeric entities in xml-stylesheet href values

Review of attachment 8753192 [details] [diff] [review]:
-----------------------------------------------------------------

Could you add the comment that was in nsIParserService.h (see https://hg.mozilla.org/mozilla-central/rev/c593e878662a#l3.16) to the extern declaration in nsParserService.h, and correct it ("@param ptr pointer to the ampersand")?

::: parser/expat/lib/moz_extensions.c
@@ +122,3 @@
>    const ENCODING* enc = XmlGetUtf16InternalEncodingNS();
> +  /* scanRef expects to be pointed to the char after the '&'. */
> +  int tok = PREFIX(scanRef)(enc, ptr + enc->minBytesPerChar, end, next);

I was going to suggest using MINBPC, but looks like that might be undefined here. :-(
Attachment #8753192 - Flags: review?(peterv) → review+
> Could you add the comment that was

Ah, yes.  Done!

> I was going to suggest using MINBPC

Yeah, nothing included here seems like it would define it.  :(
https://hg.mozilla.org/mozilla-central/rev/b4d88aafa06c
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in before you can comment on or make changes to this bug.