/hg/icedtea-web: 3 new changesets
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Mon Mar 31 17:28:50 UTC 2014
changeset 1fa70bdff359 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=1fa70bdff359
author: Omair Majid <omajid at redhat.com>
date: Mon Mar 31 13:19:52 2014 -0400
Adjust strings in ALACA dialog
2013-03-31 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties
(ALACAMissingMainTitle, ALACAMissingInfo ALACAMatchingMainTitle)
(ALACAMatchingInfo): Rephrase strings and replace full links with page
names.
* netx/net/sourceforge/jnlp/util/UrlUtils.java (setOfUrlsToHtmlList):
Enclose list in 'ul' element.
changeset ec7b04725a82 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=ec7b04725a82
author: Omair Majid <omajid at redhat.com>
date: Mon Mar 31 13:26:39 2014 -0400
Fix misssing permissions dialog
2013-03-31 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties
(MissingPermissionsMainTitle): Remove 'codebase'
(MissingPermissionsInfo): Use simple link title.
changeset dc0a77856cb4 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=dc0a77856cb4
author: Omair Majid <omajid at redhat.com>
date: Mon Mar 31 13:27:48 2014 -0400
Merge
diffstat:
ChangeLog | 24 ++++++++
netx/net/sourceforge/jnlp/resources/Messages.properties | 29 +++++----
netx/net/sourceforge/jnlp/util/ClasspathMatcher.java | 9 +-
netx/net/sourceforge/jnlp/util/UrlUtils.java | 2 +
tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java | 8 ++-
5 files changed, 52 insertions(+), 20 deletions(-)
diffs (135 lines):
diff -r ee80e215928e -r dc0a77856cb4 ChangeLog
--- a/ChangeLog Mon Mar 31 16:54:52 2014 +0200
+++ b/ChangeLog Mon Mar 31 13:27:48 2014 -0400
@@ -1,3 +1,27 @@
+2013-03-31 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/resources/Messages.properties
+ (MissingPermissionsMainTitle): Remove 'codebase'
+ (MissingPermissionsInfo): Use simple link title.
+
+2013-03-31 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/resources/Messages.properties
+ (ALACAMissingMainTitle, ALACAMissingInfo ALACAMatchingMainTitle)
+ (ALACAMatchingInfo): Rephrase strings and replace full links with page
+ names.
+ * netx/net/sourceforge/jnlp/util/UrlUtils.java (setOfUrlsToHtmlList):
+ Enclose list in 'ul' element.
+
+2013-03-31 Jiri Vanek <jvanek at redhat.com>
+
+ Allowed wrong match of the aaaexample.com by *.example.com expression as in
+ specification.
+ * netx/net/sourceforge/jnlp/util/ClasspathMatcher.java: uncommented handling
+ of dot in (domainToRegEx).
+ * tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java:
+ (matchTest) uncommented and added tests of/for dot issue.
+
2013-03-31 Jiri Vanek <jvanek at redhat.com>
Alexandr Kolouch <skolnag at gmail.com>
diff -r ee80e215928e -r dc0a77856cb4 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Mar 31 16:54:52 2014 +0200
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Mar 31 13:27:48 2014 -0400
@@ -52,32 +52,33 @@
# missing permissions dialogue
MissingPermissionsMainTitle=Application <span color='red'> {0} </span> \
-form codebase <span color='red'> {1} </span> is missing the permissions attribute. \
+from <span color='red'> {1} </span> is missing the permissions attribute. \
Applications without this attribute should not be trusted. Do you wish to allow this application to run?
MissingPermissionsInfo=For more information you can visit:<br/>\
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions"> \
-http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions</a> <br/> \
+JAR File Manifest Attributes</a> <br/> \
and<br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> \
-http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html</a>
+Preventing the repurposing of Applications</a>
# missing Application-Library-Allowable-Codebase dialogue
-ALACAMissingMainTitle=Application <span color='red'> {0} </span> \
-form codebase <span color='red'> {1} </span> is missing the Application-Library-Allowable-Codebase attribute. \
-This application uses resources from the following remote locations:<br/> {2} Are you sure you want to run this application?
-ALACAMissingInfo=For more information you can visit:<br/>\
+ALACAMissingMainTitle=The application <span color='red'> {0} </span> \
+from <span color='red'> {1} </span> uses resources from the following remote locations: \
+{2} \
+Are you sure you want to run this application?
+ALACAMissingInfo=For more information see:<br/>\
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library"> \
-http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library</a> <br/> \
+JAR File Manifest Attributes</a> <br/> \
and<br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> \
-http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html</a>
+Preventing the Repurposing of an Application</a>
# matching Application-Library-Allowable-Codebase dialogue
-ALACAMatchingMainTitle=Application <span color='red'> {0} </span> \
-form codebase <span color='red'> {1} </span> is requiring valid resources from different locations:<br/>{2} <br/> \
-Those resources are expected to be loaded. Do you agree to run this application?
+ALACAMatchingMainTitle=The application <span color='red'> {0} </span> \
+from <span color='red'> {1} </span> uses resources from the following remote locations:<br/>{2} <br/> \
+Are you sure you want to run this application?
ALACAMatchingInfo=For more information you can visit:<br/>\
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library"> \
-http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library</a> <br/> \
+JAR File Manifest Attributes</a> <br/> \
and<br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> \
-http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html</a>
+Preventing the Repurposing of an Application</a>
# LS - Severity
LSMinor=Minor
diff -r ee80e215928e -r dc0a77856cb4 netx/net/sourceforge/jnlp/util/ClasspathMatcher.java
--- a/netx/net/sourceforge/jnlp/util/ClasspathMatcher.java Mon Mar 31 16:54:52 2014 +0200
+++ b/netx/net/sourceforge/jnlp/util/ClasspathMatcher.java Mon Mar 31 13:27:48 2014 -0400
@@ -146,10 +146,11 @@
}
private static Pattern domainToRegEx(String domain) {
- // I have conisdered the "dot" as bug i specification
- // while (domain.startsWith("*.")) {
- // domain = "*" + domain.substring(2);
- //}
+ // Although I have conisdered the "dot" as bug in specification,
+ // to many applications are depnding on it
+ while (domain.startsWith("*.")) {
+ domain = "*" + domain.substring(2);
+ }
return ClasspathMatcher.sourceToRegEx(domain);
}
}
diff -r ee80e215928e -r dc0a77856cb4 netx/net/sourceforge/jnlp/util/UrlUtils.java
--- a/netx/net/sourceforge/jnlp/util/UrlUtils.java Mon Mar 31 16:54:52 2014 +0200
+++ b/netx/net/sourceforge/jnlp/util/UrlUtils.java Mon Mar 31 13:27:48 2014 -0400
@@ -195,9 +195,11 @@
*/
public static String setOfUrlsToHtmlList(Iterable<URL> remoteUrls) {
StringBuilder sb = new StringBuilder();
+ sb.append("<ul>");
for (URL url : remoteUrls) {
sb.append("<li>").append(url.toExternalForm()).append("</li>");
}
+ sb.append("</ul>");
return sb.toString();
}
diff -r ee80e215928e -r dc0a77856cb4 tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java
--- a/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java Mon Mar 31 16:54:52 2014 +0200
+++ b/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java Mon Mar 31 13:27:48 2014 -0400
@@ -422,9 +422,13 @@
Assert.assertTrue(p.match(urls[13]));
Assert.assertTrue(p.match(urls[14]));
//those represent the "dot" issue
- //Assert.assertTrue(p.match(urls[15]));
- //Assert.assertTrue(p.match(urls[16]));
+ Assert.assertTrue(p.match(urls[15]));
+ Assert.assertTrue(p.match(urls[16]));
Assert.assertFalse(p.match(urls[17]));
+ //reasons for alowing "dot" issue
+ Assert.assertTrue(p.match(new URL("http://www.example.com")));
+ Assert.assertTrue(p.match(new URL("http://example.com"))); //yah, this is really nasty
+ //still the DOT issue is an BUG
}
@Test
More information about the distro-pkg-dev
mailing list