RFR: 8300891: Deprecate for removal javax.swing.plaf.synth.SynthLookAndFeel.load(URL url)
Sergey Bylokhov
serb at openjdk.org
Wed Jan 25 00:16:04 UTC 2023
On Tue, 24 Jan 2023 23:29:58 GMT, Phil Race <prr at openjdk.org> wrote:
> SynthLookAndFeel.load(URL) is problematic because applications need to trust the URL.
> As documented in the bug report there are alternative mechanisms and JDK itself has not used this for the two Synth based L&Fs : Nimbus and GTK.
> So deprecating - for removal - and adding warnings now in the docs is appropriate.
I do not think that this method should/must be used by custom L&F only, it is a way to provide custom styles for an existing L&f including Nimbus like discussed here:
https://stackoverflow.com/questions/11564597/how-to-use-synthlookandfeel-with-xml-file-where-xml-file-path-will-load-the-fil
There is a way to check the permission - security manager, ohh we deprecated it as well, time to rethink that? or do we plan to delete all methods which use URL, or add custom properties here and there to check access?
-------------
PR: https://git.openjdk.org/jdk/pull/12175
More information about the client-libs-dev
mailing list