[rfc][icedtea-web] alaca for unsigned apps and few changes in behaviour
Jiri Vanek
jvanek at redhat.com
Fri Aug 28 12:25:20 UTC 2015
Hello!
ITW is suffering from not enough restrictions between codebase and documentbase. For that the
resources loaded by applet would be nice to be shown to user.
I think best to do so is reuse already existing alaca dialogue.
There is one mayor change - reason of this patch - the alaca dilogue will rise up even in case of
unsigned applets, and so compleating click to run scheme by information about loaded resources.
However, the manifest-attribute value - if any - is ignored for unsigned app (as it can be easily
faked).
Then there are few changes
- missing alaca is shown even in low security mode
- texts on missing alaca are kept red, but on matching alac are made green
- matching logic is little bit loosened. Before, the reosurces were made to match both codebase
and docbase. However docbase may be eg http://some.url/resourc/file.html - so no resource could
actually match it. Now I'm striping the file.
And one bugfix. Somehow leaked error into code, that the list of resources was never fully checcked
against codebase/docbase (only first in case of list of length 1 was checked)
Now all resources are processed correctly and if all resources are going from codebase and docbase
(see docbase must be same as document base to make it match) then no alaca is shown.
I thing this is much more correct behaviour then before.
Also I belive that place from where resources are going was really missing for unsigned apps
(although they are pretty restricted).
I would like to backport this to 1.6 and to 1.5 if possible.
In case of backport, I will enable also remmering of user's action
(http://linuxsagas.digitaleagle.net/wp-content/uploads/2014/05/053.png - remeber action does nothing
IIRC now)
I dont know if 1.5 backport (together with rember action) will be posible for 1.5. If no....
J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alacaForUnsigned.diff
Type: text/x-patch
Size: 12396 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150828/395a96ff/alacaForUnsigned.diff>
More information about the distro-pkg-dev
mailing list