From 9677d8eeac2dc2bfd96d634b178e05a28aaff27b Mon Sep 17 00:00:00 2001 From: Idan Horowitz Date: Fri, 17 Nov 2023 15:14:07 +0200 Subject: [PATCH] LibWeb: Reject improperly encoded XML documents as not well-formed --- Userland/Libraries/LibWeb/DOM/DocumentLoading.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Userland/Libraries/LibWeb/DOM/DocumentLoading.cpp b/Userland/Libraries/LibWeb/DOM/DocumentLoading.cpp index bcc22a0df9..be680b8d50 100644 --- a/Userland/Libraries/LibWeb/DOM/DocumentLoading.cpp +++ b/Userland/Libraries/LibWeb/DOM/DocumentLoading.cpp @@ -159,6 +159,9 @@ bool build_xml_document(DOM::Document& document, ByteBuffer const& data, Optiona decoder = TextCodec::decoder_for(encoding); } VERIFY(decoder.has_value()); + // Well-formed XML documents contain only properly encoded characters + if (!decoder->validate(data)) + return false; auto source = decoder->to_utf8(data).release_value_but_fixme_should_propagate_errors(); XML::Parser parser(source, { .resolve_external_resource = resolve_xml_resource }); XMLDocumentBuilder builder { document };