chromium-dev/chromium-144-revert-libxml-2.13.patch

--- chromium-144.0.7534.0/third_party/blink/renderer/core/xml/parser/xml_document_parser.cc	2025/11/25 11:00:53	1.1
+++ chromium-144.0.7534.0/third_party/blink/renderer/core/xml/parser/xml_document_parser.cc	2025/11/25 11:01:09
@@ -617,6 +617,10 @@
 }
 
 static bool ShouldAllowExternalLoad(const KURL& url) {
+  if (RuntimeEnabledFeatures::XMLNoExternalEntitiesEnabled()) {
+    return false;
+  }
+
   String url_string = url.GetString();
 
   // libxml should not be configured with catalogs enabled, so it
@@ -756,18 +760,7 @@
   InitializeLibXMLIfNecessary();
   xmlParserCtxtPtr parser =
       xmlCreatePushParserCtxt(handlers, nullptr, nullptr, 0, nullptr);
-
-  int32_t options = XML_PARSE_HUGE | XML_PARSE_NOENT;
-
-  // See https://crbug.com/455813733: We choose to prevent network loads of
-  // external entities and DTDs here, but not in xmlReadMemory of
-  // XmlDocPtrForString and in XSLTStyleSheet::Parse in order not to overlap
-  // with XSLT deprecation.
-  if (RuntimeEnabledFeatures::XMLNoExternalEntitiesEnabled()) {
-    options |= XML_PARSE_NO_XXE;
-  }
-
-  xmlCtxtUseOptions(parser, options);
+  xmlCtxtUseOptions(parser, XML_PARSE_HUGE | XML_PARSE_NOENT);
   parser->_private = user_data;
   return base::AdoptRef(new XMLParserContext(parser));
 }
@@ -793,17 +786,8 @@
   // XML_PARSE_NODICT: default dictionary option.
   // XML_PARSE_NOENT: force entities substitutions.
   // XML_PARSE_HUGE: don't impose arbitrary limits on document size.
-  int32_t options = XML_PARSE_NODICT | XML_PARSE_NOENT | XML_PARSE_HUGE;
-
-  // See https://crbug.com/455813733: We choose to prevent network loads of
-  // external entities and DTDs here, but not in xmlReadMemory of
-  // XmlDocPtrForString and in XSLTStyleSheet::Parse in order not to overlap
-  // with XSLT deprecation.
-  if (RuntimeEnabledFeatures::XMLNoExternalEntitiesEnabled()) {
-    options |= XML_PARSE_NO_XXE;
-  }
-
-  xmlCtxtUseOptions(parser, options);
+  xmlCtxtUseOptions(parser,
+                    XML_PARSE_NODICT | XML_PARSE_NOENT | XML_PARSE_HUGE);
 
   parser->_private = user_data;
added chromium-144-revert-libxml-2.13.patch 2025-11-25 12:03:37 +01:00			`--- chromium-144.0.7534.0/third_party/blink/renderer/core/xml/parser/xml_document_parser.cc 2025/11/25 11:00:53 1.1`
			`+++ chromium-144.0.7534.0/third_party/blink/renderer/core/xml/parser/xml_document_parser.cc 2025/11/25 11:01:09`
			`@@ -617,6 +617,10 @@`
			`}`

			`static bool ShouldAllowExternalLoad(const KURL& url) {`
			`+ if (RuntimeEnabledFeatures::XMLNoExternalEntitiesEnabled()) {`
			`+ return false;`
			`+ }`
			`+`
			`String url_string = url.GetString();`

			`// libxml should not be configured with catalogs enabled, so it`
			`@@ -756,18 +760,7 @@`
			`InitializeLibXMLIfNecessary();`
			`xmlParserCtxtPtr parser =`
			`xmlCreatePushParserCtxt(handlers, nullptr, nullptr, 0, nullptr);`
			`-`
			`- int32_t options = XML_PARSE_HUGE \| XML_PARSE_NOENT;`
			`-`
			`- // See https://crbug.com/455813733: We choose to prevent network loads of`
			`- // external entities and DTDs here, but not in xmlReadMemory of`
			`- // XmlDocPtrForString and in XSLTStyleSheet::Parse in order not to overlap`
			`- // with XSLT deprecation.`
			`- if (RuntimeEnabledFeatures::XMLNoExternalEntitiesEnabled()) {`
			`- options \|= XML_PARSE_NO_XXE;`
			`- }`
			`-`
			`- xmlCtxtUseOptions(parser, options);`
			`+ xmlCtxtUseOptions(parser, XML_PARSE_HUGE \| XML_PARSE_NOENT);`
			`parser->_private = user_data;`
			`return base::AdoptRef(new XMLParserContext(parser));`
			`}`
			`@@ -793,17 +786,8 @@`
			`// XML_PARSE_NODICT: default dictionary option.`
			`// XML_PARSE_NOENT: force entities substitutions.`
			`// XML_PARSE_HUGE: don't impose arbitrary limits on document size.`
			`- int32_t options = XML_PARSE_NODICT \| XML_PARSE_NOENT \| XML_PARSE_HUGE;`
			`-`
			`- // See https://crbug.com/455813733: We choose to prevent network loads of`
			`- // external entities and DTDs here, but not in xmlReadMemory of`
			`- // XmlDocPtrForString and in XSLTStyleSheet::Parse in order not to overlap`
			`- // with XSLT deprecation.`
			`- if (RuntimeEnabledFeatures::XMLNoExternalEntitiesEnabled()) {`
			`- options \|= XML_PARSE_NO_XXE;`
			`- }`
			`-`
			`- xmlCtxtUseOptions(parser, options);`
			`+ xmlCtxtUseOptions(parser,`
			`+ XML_PARSE_NODICT \| XML_PARSE_NOENT \| XML_PARSE_HUGE);`

			`parser->_private = user_data;`