Fix handling of large xml documents

libxml 2.9.0 (we updated from 2.7.x to 2.9.2 for M45) added a
default-on abort on > 10,000,000 byte documents which is a bit
arbitrary and is causing problems for users. The _HUGE option
makes it not do this. My assumption is that this is reasonable
behaviour security-wise as: 1) we were doing it this way until
recently; and 2) it shouldn't be any worse in the renderer than
just doing `for (;;) x+='y';`

(There's a big trivial xml file in
LayoutTests/http/tests/xmlhttprequest/resources/big.xml
that goes with the test, but git cl upload won't upload it. I
guess I'll dcommit just that file first?)

R=dominicc@chromium.org
BUG=528078,463958
TEST=LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-big-document.html

Review URL: https://codereview.chromium.org/1316673007

git-svn-id: svn://svn.chromium.org/blink/trunk@201992 bbb929c8-8fbe-4397-9dbb-9b2b20218538

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-big-document-expected.txt

+CONSOLE MESSAGE: line 16: [object HTMLCollection]
+Test case for bug 528078: XML files fail to parse if over 10 million bytes in size
+
+You should see PASS.
+
+PASS

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-big-document.html

+<html>
+<head>
+<script type="text/javascript">
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+var xhr = new XMLHttpRequest();
+
+xhr.onreadystatechange = function() {
+    if (xhr.readyState == 4 && xhr.status == 200) {
+        var doc = xhr.responseXML;
+        var children = doc.getElementsByTagName("child");
+        console.log(children);
+        document.getElementById("page").textContent = "PASS";
+        if (window.testRunner)
+            testRunner.notifyDone();
+    }
+}
+
+xhr.open("GET", "resources/big.xml", true);
+xhr.send(null);
+</script>
+</head>
+<body>
+<p> Test case for <a href="https://code.google.com/p/chromium/issues/detail?id=528078">bug 528078</a>: XML files fail to parse if over 10 million bytes in size</p>
+<p> You should see PASS.</p>
+<div id="page"/>
+</body>
+</html>
+

third_party/WebKit/Source/core/xml/parser/XMLDocumentParser.cpp

@@ -734,6 +734,7 @@ PassRefPtr<XMLParserContext> XMLParserContext::createStringParser(xmlSAXHandlerP
 {
     initializeLibXMLIfNecessary();
     xmlParserCtxtPtr parser = xmlCreatePushParserCtxt(handlers, 0, 0, 0, 0);
+    xmlCtxtUseOptions(parser, XML_PARSE_HUGE);
     parser->_private = userData;
     parser->replaceEntities = true;
     return adoptRef(new XMLParserContext(parser));
@@ -756,7 +757,8 @@ PassRefPtr<XMLParserContext> XMLParserContext::createMemoryParser(xmlSAXHandlerP
     // Set parser options.
     // XML_PARSE_NODICT: default dictionary option.
     // XML_PARSE_NOENT: force entities substitutions.
-    xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT);
+    // XML_PARSE_HUGE: don't impose arbitrary limits on document size.
+    xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT | XML_PARSE_HUGE);
 
     // Internal initialization
     parser->sax2 = 1;