Closed Bug 305035 Opened 19 years ago Closed 18 years ago

XML content loaded via data: URL doesn't transform (XSLT ignored)

Categories

(Core :: XSLT, defect)

Product:
Core
Component:
XSLT
Version:
1.7 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: sean, Assigned: peterv)

Details

Attachments

(1 file)

testcase (zip)
4.19 KB, application/octet-stream
Details 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.11) Gecko/20050729
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.11) Gecko/20050729

document.getElementById('myFrame').contentDocument.location.href =
'data:text/xml,<?xml version="1.0"?><?xml-stylesheet type="text/xsl"
href="test.xsl"?><document><content/></document>';

places the xml in the iframe, but fails to do the xslt transform.
It presents as xml text.

Reproducible: Always

Steps to Reproduce:
1.load xml content into iframe via data: URL
2.
3.

Actual Results:  
iframe presents as xml text

Expected Results:  
iframe should present transformed document.
Attached file testcase (zip) 

  

  



    
    

    
  
Maybe the same-origin check for XSLT is getting confused by the document being
at a data: URL.

  

  


Summary: XML content loaded via data: URL doesn't transform → XML content loaded via data: URL doesn't transform (XSLT ignored)
Assignee: nobody → peterv
Component: File Handling → XSLT
Product: Firefox → Core
QA Contact: file.handling → keith
Version: unspecified → Trunk
Version: Trunk → 1.7 Branch

    
    

    
  
I tried with a relative url in the <?xml-stylesheet/> and with an absolute
chrome: url.

Both fail to transform.

  

  



    
    

    
  
How do you expect a relative URL to work resolved against a data URL? And the
access to chrome is probably blocked by security checks, any messages in the JS
console?

  

  



    
    

    
  
Actually, i think there might be a bug here. For data-documents we give the
document the same principal and baseuri as the original document, i think. So
rather then doing

rv = secMan->CheckSameOriginURI(mDocumentURI, url);

we should maybe use the uri of the principal rather mDocumentURI. We'd need to
make the same change for xsl:import and document() too.

I wonder how XMLHttpRequest deals with this.

  

  



    
    

    
  
You're talking about the absolute url case?

  

  



    
    

    
  
(In reply to comment #4)

I am doing this from inside the same chrome, so there shouldn't be security blocks.

No messages in the JS console.

  

  



    
    

    
  
> and baseuri as the original document

No, I don't believe we give it the same base URI... where do you see that happening?

And why are we calling CheckSameOriginURI anyway?  We should use CheckSameOriginPrincipal, since that will also work right with document.domain, etc...

  

  


Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
href="test.xsl" resolves to "data:test.xsl" which is not a meaningful data:
resource identifier. The test case cannot work as intended; the bug report is invalid.

  

  



    
    

    
  
Resolving as invalid, we have other bugs covering using better security manager functions.

  

  


Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: