Re: [rfc][icedtea-web] AboutDialog IOExceptions
Jacob Wisor
gitne at excite.co.jp
Thu Jul 25 14:37:48 PDT 2013
"Jiri Vanek"<jvanek at redhat.com> wrote:
> On 07/25/2013 09:19 PM, Andrew Azores wrote:
> > On 07/25/2013 03:01 PM, Jacob Wisor wrote:
> >
> >>> - public HTMLPanel(URL url, String identifier) throws
> >>> IOException {
> >>> + public HTMLPanel(URL url, String identifier) {
> >>> super(new BorderLayout());
> >>> id = identifier;
> >>> JEditorPane pane = new JEditorPane();
> >>> - try{
> >>> + try {
> >>> pane = new JEditorPane(url);
> >>> } catch(Exception ex){
> >>> //no need to have invalid url fatal
> >> catch without a try? Does this compile? Besides, catching any exception is a bad idea or habit because RuntimeException and SecurityException fall into that category too. This may be inherently unsafe.
> >>
> >> Apart from that; nice clean up.
> >>
> >> Jacob
> > The "try" is still there, I just added a space between the keyword and
> > the opening brace.
> >
> > Good point about catching Exception in general though, I'll change that
> > to IOException.
>
> hmhhm.. I would like to catch also NPE here. So exception should be ok...
>
> If Jacob insists you can explicitli catch runtime and security one and rethrow...
I do not insist. ;) Catching NPE should be okay, if it adds some gaceful handling of an error. Rethrowing a RuntimeException does not make up for the potential vulnerability because the first general Exception catch may be all that an attacker needs to be successful.
Or... I am simply exaggerating again :D
More information about the distro-pkg-dev
mailing list