High performance text component

Thu Aug 30 15:44:30 PDT 2012

Hi Gaja,

We are aware of the security implication of using FXML, and we would not allow it to execute any code, see  http://javafx-jira.kenai.com/browse/RT-24466   

Thank you
Felipe

On Aug 30, 2012, at 1:20 PM, Gaja Sutra wrote:

> Yes, you can change all parts of FXML containing the rich text, but your locale bundle will contain these FXML fragments, then you will load in scenegraph these FXML fragments coming from localization.
> 
> Technically it is perfectly possible, but knowing that adding a localization can change instantiated components in scenegraph (then behaviour [1]) is clearly worrisome for security.
> 
> I see (personally) this as a non-separation of concerns giving too much rights to localization in applications and creating security bugs. Many users, who don't speak English, can use non-official localizations of applications (for languages not supported by editor of the software). For me, localization is not as trustable as code.
> 
> => I would usually expect that localization can only change localizable strings (as declared by author of application) but not behaviour of application. Then, I would dislike to have to put some parts of code of my application in localization bundles.
> 
> [1]: In sample 4, you load a Button. I am not currently in security business, then my example is not as good and realistic as possible (and use no bugs, only features).
> I will suppose an application using a PasswordField in rich text and allowing plugins for some specific features (country-specific web services) but restricting sensible access from plugins to application with Java policies (not using multiple ClassLoader to avoid bugs due to visibility problems or only by simplicity).
> 
> * A custom localization contain a replacement of the standard
>   <PasswordField .../> by fully-named
>   <external.package.LoggingPasswordField .../>.
> * The class "external.package.LoggingPasswordField" is provided by a
>   plugin to the application for adding country-specific features (like
>   web services).
> 
> Given the FXML is loaded by application, it will be in a domain non-restricted by policies and FXML will load without problem a class from plugin. The pseudo-password field in scenegraph can send password to the web.
> 
>> Hi Gaja,
>> 
>> I don't understand the issue. The entire string of the FXML fragment can be localized, or you can use CSS to apply a different style to different parts of the string based on a "localized css file". How does FXML not work for this case?
>> 
>> Richard
>> 
>> On Aug 30, 2012, at 5:40 AM, Gaja Sutra wrote:
>> 
>>> I have a concern for localization support of FXML against the split of each paragraph in multiple FXML span tags.
>>> 
>>> By example, your first sample <p>Hello <b>Bold</b> <i>World</i></p>, can become in french <p>Bonjour <i>Monde</i> <b>Gras</b></p>, with different order of bold and italic styles. Like this case, FXML containing rich text will probably be separate for each language.
>>> 
>>> I understand DOM-like API for manipulation but I think it will be more complex to localize than some annotated string.
>>> 
>>> By example with a syntax like RTF/LaTeX <p>Hello \strong{Bold} \em{World}</p> and <p>Bonjour \em{Monde} \strong{Gras}</p>, you can localize only by substituting the string in the bundle, because your styles is not in FXML structure but only in the String containing text.
>>> 
>>> NB: In this case, your command annotating text is associated, by example, to a custom CSS pseudo-class:
>>> p:strong {-fx-font-weight: bold;}
>>> p:em {-fx-font-style: italic;}
>>> 
>>> NB: I know RTF/LaTeX syntax is not really beautiful. I am choosing this syntax only because special characters are not the same than XML and because ${...} is more frequently used for executing content (variable evaluation, etc.).
>>> 
>>> 
> 