This test is based on the report "Security: Libxslt arbitrary file reading using document() method and external entities". Libxslt is the default XSL library used in WebKit browsers (e.g., Chrome, Safari). It allows external entities to be included in documents loaded via the XSL document() method, which lets attackers bypass security restrictions and access file:// URLs from pages served over http(s)://. In default sandbox mode, attackers can read the /etc/hosts file on iOS (Safari/Chrome), Mac (Safari/Chrome), and Android (Chrome). With the -no-sandbox flag (e.g., in Electron/PhantomJS), attackers can read any file on any operating system.
If, after accessing the page, you see “file:///etc/passwd” or other local file data on the page, a vulnerability exists.
It is recommended to block access to specific files, for example by prohibiting "file://" URLs in external entities. Electron users are advised to update the Chrome engine to the latest version.
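
One way to apply the recommendation above when vetting XML/XSL content before it is served or loaded, as an added example that is not part of the original page or of any project it mentions. The function names, the sample document and the example.test URLs are constructed for illustration, and the regex scan is a heuristic, not a full DTD parser.

```javascript
// Added example: heuristic scan for external entity declarations that
// resolve to local files. Sample document and URLs are constructed.

// Matches <!ENTITY name SYSTEM "uri"> and <!ENTITY name PUBLIC "id" "uri">,
// including parameter entities (<!ENTITY % name ...>). Internal entities
// (<!ENTITY name "text">) carry no SYSTEM/PUBLIC keyword and are skipped.
const ENTITY_DECL =
  /<!ENTITY\s+(%\s+)?([^\s>]+)\s+(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+(?:"([^"]*)"|'([^']*)')/g;

function findExternalEntities(xmlText) {
  const found = [];
  for (const m of xmlText.matchAll(ENTITY_DECL)) {
    const uri = (m[3] !== undefined ? m[3] : m[4]).trim();
    found.push({ name: m[2], parameter: Boolean(m[1]), uri });
  }
  return found;
}

// Resolve the identifier against the URL the document is served from: a
// relative identifier inherits the base scheme, and scheme case is normalized.
// Identifiers that cannot be parsed are treated as disallowed (fail closed).
function isDisallowed(uri, baseUrl) {
  try {
    return new URL(uri, baseUrl).protocol === 'file:';
  } catch (err) {
    return true;
  }
}

function auditDocument(xmlText, baseUrl) {
  return findExternalEntities(xmlText).map((entity) => ({
    ...entity,
    blocked: isDisallowed(entity.uri, baseUrl),
  }));
}

// Constructed sample: one local-file entity, one relative entity, one
// remote parameter entity and one internal entity.
const SAMPLE = `<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY local SYSTEM "FILE:///etc/hosts">
  <!ENTITY chapter SYSTEM "chapter1.xml">
  <!ENTITY % ext PUBLIC "-//EXAMPLE//DTD//EN" 'https://example.test/ext.dtd'>
  <!ENTITY note "internal text only">
]>
<doc>&chapter;</doc>`;

console.log(auditDocument(SAMPLE, 'https://example.test/data/doc.xml'));
```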