[rfc][icedtea-web] Strip parameters from document-base
Adam Domurad
adomurad at redhat.com
Wed Apr 10 12:02:23 PDT 2013
[ .. original message snipped ..]
Sorry for the confusion. I spent a bit of time creating a reproducer and
investigating why we were different from the proprietary plugin to begin
with.
I have finally found the real reason for the troubles & inconsistency
here, the basic fix is:
> diff --git a/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> b/plugin/i
> --- a/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> +++ b/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> @@ -439,8 +439,7 @@ public class PluginAppletViewer extends
> String height = msgParts[2];
>
> int spaceLocation = message.indexOf(' ', "tag".length() + 1);
> - String documentBase =
> - UrlUtil.decode(message.substring("tag".length() + 1,
> spaceLocat
> + String documentBase = message.substring("tag".length() + 1,
> spaceLocati
> String paramString = message.substring(spaceLocation + 1);
>
> PluginDebug.debug("Handle = ", handle, "\n",
And we're 100% compatible with proprietary plugin, and aren't storing
invalid URLs. The only remaining fix-up was ...
> diff --git a/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
> b/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
> --- a/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
> +++ b/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
> @@ -390,7 +390,7 @@ public class ResourceTracker {
> return resource.localFile;
>
> if (location.getProtocol().equalsIgnoreCase("file")) {
> - File file = new File(location.getFile());
> + File file = new File(location.toURI().getPath());
> if (file.exists())
> return file;
> }
> @@ -401,6 +401,9 @@ public class ResourceTracker {
> ex.printStackTrace();
>
> return null; // need an error exception to throw
> + } catch (URISyntaxException e) {
> + e.printStackTrace();
> + return null;
> }
> }
Which works around a bad mis-design of URL#getFile() which does not
decode the URL. This only applies to local files. URL#getFile() should
be avoided, I think.
Fix ChangeLog:
2013-XX-XX Adam Domurad <adomurad at redhat.com>
Ensure document-base is properly encoded.
* netx/net/sourceforge/jnlp/cache/ResourceTracker.java
(getCacheFile): Use URL#toUri().getPath() instead of URL#getFile().
* plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
(handleInitializationMessage): Don't decode document-base.
Reproducer ChangeLog:
2013-XX-XX Adam Domurad <adomurad at redhat.com>
Reproducer for URL parameters (eg ?a=b) in document-base.
*
tests/reproducers/simple/URLParametersInDocumentBase/resources/URLParametersInDocumentBase.html:
Page that loads applet.
*
tests/reproducers/simple/URLParametersInDocumentBase/srcs/URLParametersInDocumentBase.java:
Applet that prints code-base & document-base.
*
tests/reproducers/simple/URLParametersInDocumentBase/testcases/URLParametersInDocumentBaseTests.java:
Test-driver.
The UrlUtils patch is not strictly necessary any more, but I'd still
like it in (it is unaffected by the changes). It can be just in HEAD though.
Please note that I strongly want the fix in 1.3 since without it one
cannot use Oracle LMS.
Thanks,
-Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: document-base-encoding-reproducer.patch
Type: text/x-patch
Size: 8638 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130410/0a5ca63d/document-base-encoding-reproducer.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dont-decode-documentbase.patch
Type: text/x-patch
Size: 1645 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130410/0a5ca63d/dont-decode-documentbase.patch
More information about the distro-pkg-dev
mailing list