[rfc][icedtea-web] (PR1264) Run in Sandbox button
Omair Majid
omajid at redhat.com
Wed Feb 26 10:02:25 PST 2014
* Andrew Azores <aazores at redhat.com> [2014-02-26 12:13]:
> "implementation" can be applied on its own, but it doesn't actually
> do anything. It essentially just sets up the classloader to be able
> to run applets sandboxed. "dialog" adds the ability to make the
> classloader do this by adding a button for it.
>
This is a review of the "dialog" patch.
Overall, the patch is okay. There is some minor duplication of code that
calls JNLPClassLoader from various *Verfifiers. I like the cleanup in
SecurityDialogs.
I do have one concern:
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> if (jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
> - jcv.checkTrustWithUser(file);
> + jcv.checkTrustWithUser(this, file);
JCV was designed in a layered approach (JNLPClassLoader calls JCV and
not the other way aroun) so we would be able to unit test it completely
and sanely without having to instantiate JNLPClassLoader. This change
breaks that :(
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
More information about the distro-pkg-dev
mailing list