Merge

43640b26 · andrew · 46ef0628 · 3061e1d7 · 43640b26 · 43640b26
4 changed file
--- a/.hgtags
+++ b/.hgtags
@@ -1012,3 +1012,8 @@ d859443cacf81207f0879e9f21810b102afdb240 jdk8u232-b01
 3de2732a8241c8c85a85942f7341ad48491976d9 jdk8u232-b04
 415c49110391d46dbb9be24154c2ad1b4157790a jdk8u232-b05
 2338eb5fa755608b47e12ae1d8baa217cd64ee98 jdk8u242-b00
+dd568d0e5e10a0dfc05ace7f16bbac5ad6eddde5 jdk8u232-b06
+3b3a43588afb9fbdb1b95c475a11d3529a3d9cb5 jdk8u232-b07
+4bc16c3608302128648e92c80f3b396372471383 jdk8u232-b08
+735048c9f2d6835b76a436beffd29565f28a2a36 jdk8u232-b09
+735048c9f2d6835b76a436beffd29565f28a2a36 jdk8u232-ga
--- a/THIRD_PARTY_README
+++ b/THIRD_PARTY_README
@@ -2130,13 +2130,13 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice

 -------------------------------------------------------------------------------

-%% This notice is provided with respect to PC/SC Lite for Suse Linux v.1.1.1,
+%% This notice is provided with respect to PC/SC Lite v1.8.24,
 which may be included with JRE 8, JDK 8, and OpenJDK 8 on Linux and Solaris.

 --- begin of LICENSE ---

-Copyright (c) 1999-2004 David Corcoran <corcoran@linuxnet.com>
-Copyright (c) 1999-2004 Ludovic Rousseau <ludovic.rousseau (at) free.fr>
+Copyright (c) 1999-2003 David Corcoran <corcoran@linuxnet.com>
+Copyright (c) 2001-2011 Ludovic Rousseau <ludovic.rousseau@free.fr>
 All rights reserved.

 Redistribution and use in source and binary forms, with or without
@@ -2148,15 +2148,10 @@ are met:
 2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-     This product includes software developed by: 
-      David Corcoran <corcoran@linuxnet.com>
-      http://www.linuxnet.com (MUSCLE)
-4. The name of the author may not be used to endorse or promote products
+3. The name of the author may not be used to endorse or promote products
   derived from this software without specific prior written permission.

-Changes to this license can be made only by the copyright author with 
+Changes to this license can be made only by the copyright author with
 explicit written consent.

 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

--- a/src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java
+++ b/src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java
@@ -68,12 +68,10 @@ public class JavaScriptScanner {
    private boolean newline = true;

    Map<String, TagParser> tagParsers;
-    Set<String> eventAttrs;
    Set<String> uriAttrs;

    public JavaScriptScanner() {
        initTagParsers();
-        initEventAttrs();
        initURIAttrs();
    }

@@ -100,7 +98,11 @@ public class JavaScriptScanner {

    private void checkHtmlAttr(String name, String value) {
        String n = name.toLowerCase(Locale.ENGLISH);
-        if (eventAttrs.contains(n)
+        // https://www.w3.org/TR/html52/fullindex.html#attributes-table
+        // See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers
+        // An event handler has a name, which always starts with "on" and is followed by
+        // the name of the event for which it is intended.
+        if (n.startsWith("on")
                || uriAttrs.contains(n)
                    && value != null && value.toLowerCase(Locale.ENGLISH).trim().startsWith("javascript:")) {
            reporter.report();
@@ -1060,34 +1062,6 @@ public class JavaScriptScanner {

    }

-    private void initEventAttrs() {
-        eventAttrs = new HashSet<>(Arrays.asList(
-            // See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler
-            "onabort",  "onblur",  "oncanplay",  "oncanplaythrough",
-            "onchange",  "onclick",  "oncontextmenu",  "ondblclick",
-            "ondrag",  "ondragend",  "ondragenter",  "ondragleave",
-            "ondragover",  "ondragstart",  "ondrop",  "ondurationchange",
-            "onemptied",  "onended",  "onerror",  "onfocus",  "oninput",
-            "oninvalid",  "onkeydown",  "onkeypress",  "onkeyup",
-            "onload",  "onloadeddata",  "onloadedmetadata",  "onloadstart",
-            "onmousedown",  "onmousemove",  "onmouseout",  "onmouseover",
-            "onmouseup",  "onmousewheel",  "onpause",  "onplay",
-            "onplaying",  "onprogress",  "onratechange",  "onreadystatechange",
-            "onreset",  "onscroll",  "onseeked",  "onseeking",
-            "onselect",  "onshow",  "onstalled",  "onsubmit",  "onsuspend",
-            "ontimeupdate",  "onvolumechange",  "onwaiting",
-
-            // See https://www.w3.org/TR/html4/sgml/dtd.html
-            // Most of the attributes that take a %Script are also defined as event handlers
-            // in HTML 5. The one exception is onunload.
-            // "onchange",  "onclick",   "ondblclick",  "onfocus",
-            // "onkeydown",  "onkeypress",  "onkeyup",  "onload",
-            // "onmousedown",  "onmousemove",  "onmouseout",  "onmouseover",
-            // "onmouseup",  "onreset",  "onselect",  "onsubmit",
-            "onunload"
-        ));
-    }
-
    private void initURIAttrs() {
        uriAttrs = new HashSet<>(Arrays.asList(
            // See https://www.w3.org/TR/html4/sgml/dtd.html

--- a/test/tools/javadoc/TestScriptInComment.java
+++ b/test/tools/javadoc/TestScriptInComment.java
@@ -25,7 +25,7 @@

 /**
 * @test
- * @bug 8138725
+ * @bug 8138725 8226765
 * @summary test --allow-script-in-comments
 * @run main TestScriptInComment
 */
@@ -65,6 +65,10 @@ public class TestScriptInComment {
        WS("< script >#ALERT</script>", false, "-Xdoclint:none"), // script tag with invalid white space
        SA("<script src=\"file\"> #ALERT </script>", true), // script tag with an attribute
        ON("<a onclick='#ALERT'>x</a>", true), // event handler attribute
+        OME("<img alt='1' onmouseenter='#ALERT'>", true), // onmouseenter event handler attribute
+        OML("<img alt='1' onmouseleave='#ALERT'>", true), // onmouseleave event handler attribute
+        OFI("<a href='#' onfocusin='#ALERT'>x</a>", true), // onfocusin event handler attribute
+        OBE("<a onbogusevent='#ALERT'>x</a>", true), // bogus/future event handler attribute
        URI("<a href='javascript:#ALERT'>x</a>", true); // javadcript URI

        /**