RFR JDK7188517

John Zavgren john.zavgren at oracle.com
Fri May 31 05:11:16 PDT 2013 

All:

I'd like to give everyone another chance to weigh in on this change:
http://cr.openjdk.java.net/~jzavgren/7188517/webrev.04/
so that I can wrap up this fix ASAP.

(It makes HTTP cookies that begin with a dollar sign "illegal".)

Thanks!
John

On 05/15/2013 07:54 AM, John Zavgren wrote:
> Greetings:
>
> Can I get a show of hands on this RFR 
> (http://cr.openjdk.java.net/~jzavgren/7188517/webrev.04/)?
> It's CCC request has been accepted and I'd like to wrap it up ASAP.
>
> Thanks!
> John Zavgren
>
> On 05/09/2013 02:22 PM, John Zavgren wrote:
>> Greetings:
>> I made a mistake in my last RFR posting... the URL for the latest 
>> modifications is:
>> http://cr.openjdk.java.net/~jzavgren/7188517/webrev.04/
>> instead of:
>> http://cr.openjdk.java.net/~jzavgren/7188517/webrev.03/
>>
>> The most recent change is to reinstate the original test that tested 
>> for cookie names that lead with a dollar sign.
>>
>> I'm sorry about the confusion.
>>
>> Thanks!
>> John
>>
>>
>> On 05/09/2013 03:42 PM, John Zavgren wrote:
>>> Chris, et alia:
>>> I put the reinstated the old test.
>>> http://cr.openjdk.java.net/~jzavgren/7188517/webrev.03/
>>>
>>> John
>>>
>>> ----- Original Message -----
>>> From: chris.hegarty at oracle.com
>>> To: john.zavgren at oracle.com
>>> Cc: kurchi.subhra.hazra at oracle.com, net-dev at openjdk.java.net
>>> Sent: Thursday, May 9, 2013 4:39:29 AM GMT -05:00 US/Canada Eastern
>>> Subject: Re: RFR JDK7188517
>>>
>>> John,
>>>
>>> I think you can simply reinstate
>>>
>>> http://hg.openjdk.java.net/jdk8/jdk8/jdk/diff/7bd32bfc0539/test/java/net/CookieHandler/TestHttpCookie.java 
>>>
>>>
>>> -Chris.
>>>
>>> On 05/08/2013 09:02 PM, Kurchi Hazra wrote:
>>>> I would have thrown an exception if the IllegalArgumentException is 
>>>> not
>>>> obtained, otherwise the test looses its
>>>> purpose, and will pass silently if someone mistakenly removes the $
>>>> check in our code.
>>>>
>>>> - Kurchi
>>>>
>>>> On 5/8/2013 12:10 PM, John Zavgren wrote:
>>>>> Greetings:
>>>>>
>>>>> I added a test for the leading dollar sign character in cookie names:
>>>>> http://cr.openjdk.java.net/~jzavgren/7188517/webrev.03/
>>>>>
>>>>> Thanks!
>>>>> John
>>>>>
>>>>>
>>>>> On 05/08/2013 08:33 AM, Michael McMahon wrote:
>>>>>> On 08/05/13 09:50, Chris Hegarty wrote:
>>>>>>> On 08/05/2013 10:35, Michael McMahon wrote:
>>>>>>>> On 07/05/13 14:43, Chris Hegarty wrote:
>>>>>>>>> On 05/06/2013 10:28 PM, Kurchi Hazra wrote:
>>>>>>>>>> This looks okay to me.
>>>>>>>>> Source changes look fine to me too. Probably best to add a test
>>>>>>>>> for '$'
>>>>>>>>>
>>>>>>>>> In fact, Michael actually removed such a test [1] during another
>>>>>>>>> change. We should get positive agreement from Michael before 
>>>>>>>>> pushing
>>>>>>>>> this.
>>>>>>>>>
>>>>>>>> Yes, that was a positive test for for a cookie whose name began
>>>>>>>> with '$'.
>>>>>>>> I agree we should add a negative test now for a similar cookie.
>>>>>>>>
>>>>>>>> Source changes look fine to me too.
>>>>>>> Thanks Michael,
>>>>>>>
>>>>>>> In which case, I believe the check that a cookie the name
>>>>>>> '$Customer' throws IAE can be re-instated in TestHttpCookie.java
>>>>>>>
>>>>>> Right. I didn't realise the test was able to handle the IAE. I see
>>>>>> now that it does and it should
>>>>>> be possible to put the same test back.
>>>>>>
>>>>>> Michael
>>>>>>> -Chris.
>>>>>>>
>>>>>>>> Michael
>>>>>>>>
>>>>>>>>> -Chris.
>>>>>>>>>
>>>>>>>>> [1] http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/7bd32bfc0539
>>>>>>>>>
>>>>>>>>>> - Kurchi
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 5/2/2013 10:09 AM, John Zavgren wrote:
>>>>>>>>>>> All:
>>>>>>>>>>> My original email was mangled by my email program
>>>>>>>>>>> (stbeehive/zimbra)
>>>>>>>>>>> ... so I'm sending a second correctly formatted copy.
>>>>>>>>>>>
>>>>>>>>>>> I'm sorry for the inconvenience.
>>>>>>>>>>>
>>>>>>>>>>> John
>>>>>>>>>>> ---------------
>>>>>>>>>>>
>>>>>>>>>>> Please consider the following change to the cookie constructor:
>>>>>>>>>>> http://cr.openjdk.java.net/~jzavgren/7188517/webrev.01/
>>>>>>>>>>> <http://cr.openjdk.java.net/%7Ejzavgren/7188517/webrev.01/>
>>>>>>>>>>>
>>>>>>>>>>> Basically there are two issues:
>>>>>>>>>>>
>>>>>>>>>>> 1.) the existing cookie constructor was allowing cookie 
>>>>>>>>>>> names to
>>>>>>>>>>> have
>>>>>>>>>>> a dollar sign as their leading character,
>>>>>>>>>>> which is "illegal". The constructor code was modified to 
>>>>>>>>>>> disallow
>>>>>>>>>>> these illegal names.
>>>>>>>>>>>
>>>>>>>>>>> 2.) the API document (notice the specdiff:
>>>>>>>>>>> http://cr.openjdk.java.net/~jzavgren/7188517/specDiff/
>>>>>>>>>>> <http://cr.openjdk.java.net/%7Ejzavgren/7188517/specDiff/>)
>>>>>>>>>>> prohibited
>>>>>>>>>>> the use of cookie names that are one of the tokens reserved for
>>>>>>>>>>> use by
>>>>>>>>>>> the cookie protocol, and this restriction is not necessary.
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>> John Zavgren
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: john.zavgren at oracle.com
>>>>>>>>>>> To: net-dev at openjdk.java.net
>>>>>>>>>>> Sent: Thursday, May 2, 2013 10:36:38 AM GMT -05:00 US/Canada
>>>>>>>>>>> Eastern
>>>>>>>>>>> Subject: RFR JDK7188517
>>>>>>>>>>>
>>>>>>>>>>> Greetings: Please consider the following change to the cookie
>>>>>>>>>>> constructor:
>>>>>>>>>>> http://cr.openjdk.java.net/~jzavgren/7188517/webrev.01/
>>>>>>>>>>> Basically there are two issues: 1.) the existing cookie 
>>>>>>>>>>> constructor
>>>>>>>>>>> was allowing cookie names to have a dollar sign as their 
>>>>>>>>>>> leading
>>>>>>>>>>> character, which is "illegal". The constructor code was 
>>>>>>>>>>> modified to
>>>>>>>>>>> disallow these illegal names. 2.) the API document (notice the
>>>>>>>>>>> specdiff: 
>>>>>>>>>>> http://cr.openjdk.java.net/~jzavgren/7188517/specDiff/)
>>>>>>>>>>> prohibited the use of cookie names that are one of the tokens
>>>>>>>>>>> reserved
>>>>>>>>>>> for use by the cookie protocol, and this restriction is not
>>>>>>>>>>> necessary.
>>>>>>>>>>> Thanks! John Zavgren
>>>>>>>>>> -- 
>>>>>>>>>> -Kurchi
>>>>>>>>>>
>>>>>
>
>


-- 
John Zavgren
john.zavgren at oracle.com
603-821-0904
US-Burlington-MA

More information about the net-dev mailing list