RFR: 8330542: Add jaxp-strict.properties in preparation for a secure by default configuration [v10]
Alan Bateman
alanb at openjdk.org
Mon May 20 12:58:04 UTC 2024
On Mon, 20 May 2024 12:48:01 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Joe Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> withdraw changes to jaxp.properties. The configuration process has not changed, changing the default configuration would result in many failures that test the process.
>
> src/java.xml/share/classes/module-info.java line 444:
>
>> 442: *
>> 443: * Deploying with this configuration prevents processors from unknowingly making
>> 444: * outbound network connections to fetch DTDs, or process XML that makes use of
>
> s/process/processing/
In XML parlance, a "processor" is an aggregation of parsers, serializers, and other things that contribute to the processing. So I think it could be either here, but you have a point and if it stays as "processor" then it should link #FacPro where the term is defined.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1606745477
More information about the core-libs-dev
mailing list