Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
LinuxSuRen
Dragonwell11
提交
b9e5115e
D
Dragonwell11
项目概览
LinuxSuRen
/
Dragonwell11
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
Dragonwell11
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
b9e5115e
编写于
10月 09, 2019
作者:
I
igerasim
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8226765: Commentary on Javadoc comments
Reviewed-by: jjg, rhalade, skoivu, andrew
上级
919d81d8
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
18 addition
and
59 deletion
+18
-59
src/jdk.javadoc/share/classes/com/sun/tools/javadoc/main/JavaScriptScanner.java
...classes/com/sun/tools/javadoc/main/JavaScriptScanner.java
+4
-31
src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/util/JavaScriptScanner.java
...adoc/internal/doclets/toolkit/util/JavaScriptScanner.java
+9
-27
test/langtools/jdk/javadoc/tool/TestScriptInComment.java
test/langtools/jdk/javadoc/tool/TestScriptInComment.java
+5
-1
未找到文件。
src/jdk.javadoc/share/classes/com/sun/tools/javadoc/main/JavaScriptScanner.java
浏览文件 @
b9e5115e
...
...
@@ -69,12 +69,10 @@ public class JavaScriptScanner {
private
boolean
newline
=
true
;
Map
<
String
,
TagParser
>
tagParsers
;
Set
<
String
>
eventAttrs
;
Set
<
String
>
uriAttrs
;
public
JavaScriptScanner
()
{
initTagParsers
();
initEventAttrs
();
initURIAttrs
();
}
...
...
@@ -101,7 +99,10 @@ public class JavaScriptScanner {
private
void
checkHtmlAttr
(
String
name
,
String
value
)
{
String
n
=
name
.
toLowerCase
(
Locale
.
ENGLISH
);
if
(
eventAttrs
.
contains
(
n
)
// See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers
// An event handler has a name, which always starts with "on" and is followed by
// the name of the event for which it is intended.
if
(
n
.
startsWith
(
"on"
)
||
uriAttrs
.
contains
(
n
)
&&
value
!=
null
&&
value
.
toLowerCase
(
Locale
.
ENGLISH
).
trim
().
startsWith
(
"javascript:"
))
{
reporter
.
report
();
...
...
@@ -1061,34 +1062,6 @@ public class JavaScriptScanner {
}
private
void
initEventAttrs
()
{
eventAttrs
=
new
HashSet
<>(
Arrays
.
asList
(
// See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler
"onabort"
,
"onblur"
,
"oncanplay"
,
"oncanplaythrough"
,
"onchange"
,
"onclick"
,
"oncontextmenu"
,
"ondblclick"
,
"ondrag"
,
"ondragend"
,
"ondragenter"
,
"ondragleave"
,
"ondragover"
,
"ondragstart"
,
"ondrop"
,
"ondurationchange"
,
"onemptied"
,
"onended"
,
"onerror"
,
"onfocus"
,
"oninput"
,
"oninvalid"
,
"onkeydown"
,
"onkeypress"
,
"onkeyup"
,
"onload"
,
"onloadeddata"
,
"onloadedmetadata"
,
"onloadstart"
,
"onmousedown"
,
"onmousemove"
,
"onmouseout"
,
"onmouseover"
,
"onmouseup"
,
"onmousewheel"
,
"onpause"
,
"onplay"
,
"onplaying"
,
"onprogress"
,
"onratechange"
,
"onreadystatechange"
,
"onreset"
,
"onscroll"
,
"onseeked"
,
"onseeking"
,
"onselect"
,
"onshow"
,
"onstalled"
,
"onsubmit"
,
"onsuspend"
,
"ontimeupdate"
,
"onvolumechange"
,
"onwaiting"
,
// See https://www.w3.org/TR/html4/sgml/dtd.html
// Most of the attributes that take a %Script are also defined as event handlers
// in HTML 5. The one exception is onunload.
// "onchange", "onclick", "ondblclick", "onfocus",
// "onkeydown", "onkeypress", "onkeyup", "onload",
// "onmousedown", "onmousemove", "onmouseout", "onmouseover",
// "onmouseup", "onreset", "onselect", "onsubmit",
"onunload"
));
}
private
void
initURIAttrs
()
{
uriAttrs
=
new
HashSet
<>(
Arrays
.
asList
(
// See https://www.w3.org/TR/html4/sgml/dtd.html
...
...
src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/util/JavaScriptScanner.java
浏览文件 @
b9e5115e
...
...
@@ -61,34 +61,8 @@ public class JavaScriptScanner extends DocTreePathScanner<Void, Consumer<DocTree
public
Void
visitAttribute
(
AttributeTree
tree
,
Consumer
<
DocTreePath
>
f
)
{
String
name
=
tree
.
getName
().
toString
().
toLowerCase
(
Locale
.
ENGLISH
);
switch
(
name
)
{
// See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler
case
"onabort"
:
case
"onblur"
:
case
"oncanplay"
:
case
"oncanplaythrough"
:
case
"onchange"
:
case
"onclick"
:
case
"oncontextmenu"
:
case
"ondblclick"
:
case
"ondrag"
:
case
"ondragend"
:
case
"ondragenter"
:
case
"ondragleave"
:
case
"ondragover"
:
case
"ondragstart"
:
case
"ondrop"
:
case
"ondurationchange"
:
case
"onemptied"
:
case
"onended"
:
case
"onerror"
:
case
"onfocus"
:
case
"oninput"
:
case
"oninvalid"
:
case
"onkeydown"
:
case
"onkeypress"
:
case
"onkeyup"
:
case
"onload"
:
case
"onloadeddata"
:
case
"onloadedmetadata"
:
case
"onloadstart"
:
case
"onmousedown"
:
case
"onmousemove"
:
case
"onmouseout"
:
case
"onmouseover"
:
case
"onmouseup"
:
case
"onmousewheel"
:
case
"onpause"
:
case
"onplay"
:
case
"onplaying"
:
case
"onprogress"
:
case
"onratechange"
:
case
"onreadystatechange"
:
case
"onreset"
:
case
"onscroll"
:
case
"onseeked"
:
case
"onseeking"
:
case
"onselect"
:
case
"onshow"
:
case
"onstalled"
:
case
"onsubmit"
:
case
"onsuspend"
:
case
"ontimeupdate"
:
case
"onvolumechange"
:
case
"onwaiting"
:
// See https://www.w3.org/TR/html4/sgml/dtd.html
// Most of the attributes that take a %Script are also defined as event handlers
// in HTML 5. The one exception is onunload.
// case "onchange": case "onclick": case "ondblclick": case "onfocus":
// case "onkeydown": case "onkeypress": case "onkeyup": case "onload":
// case "onmousedown": case "onmousemove": case "onmouseout": case "onmouseover":
// case "onmouseup": case "onreset": case "onselect": case "onsubmit":
case
"onunload"
:
f
.
accept
(
getCurrentPath
());
break
;
// See https://www.w3.org/TR/html4/sgml/dtd.html
// https://www.w3.org/TR/html5
/
// https://www.w3.org/TR/html5
2/fullindex.html#attributes-table
// These are all the attributes that take a %URI or a valid URL potentially surrounded
// by spaces
case
"action"
:
case
"cite"
:
case
"classid"
:
case
"codebase"
:
case
"data"
:
...
...
@@ -102,6 +76,14 @@ public class JavaScriptScanner extends DocTreePathScanner<Void, Consumer<DocTree
}
}
break
;
// See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers
// An event handler has a name, which always starts with "on" and is followed by
// the name of the event for which it is intended.
default
:
if
(
name
.
startsWith
(
"on"
))
{
f
.
accept
(
getCurrentPath
());
}
break
;
}
return
super
.
visitAttribute
(
tree
,
f
);
}
...
...
test/langtools/jdk/javadoc/tool/TestScriptInComment.java
浏览文件 @
b9e5115e
...
...
@@ -25,7 +25,7 @@
/**
* @test
* @bug 8138725
* @bug 8138725
8226765
* @summary test --allow-script-in-comments
* @modules jdk.javadoc/jdk.javadoc.internal.tool
*/
...
...
@@ -65,6 +65,10 @@ public class TestScriptInComment {
WS
(
"< script >#ALERT</script>"
,
false
,
"-Xdoclint:none"
),
// script tag with invalid white space
SP
(
"<script src=\"file\"> #ALERT </script>"
,
true
),
// script tag with an attribute
ON
(
"<a onclick='#ALERT'>x</a>"
,
true
),
// event handler attribute
OME
(
"<img alt='1' onmouseenter='#ALERT'>"
,
true
),
// onmouseenter event handler attribute
OML
(
"<img alt='1' onmouseleave='#ALERT'>"
,
true
),
// onmouseleave event handler attribute
OFI
(
"<a href='#' onfocusin='#ALERT'>x</a>"
,
true
),
// onfocusin event handler attribute
OBE
(
"<a onbogusevent='#ALERT'>x</a>"
,
true
),
// bogus/future event handler attribute
URI
(
"<a href='javascript:#ALERT'>x</a>"
,
true
);
// javascript URI
/**
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录