Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_langtools
提交
43640b26
D
dragonwell8_langtools
项目概览
openanolis
/
dragonwell8_langtools
通知
0
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_langtools
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
43640b26
编写于
10月 17, 2019
作者:
A
andrew
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
46ef0628
3061e1d7
变更
4
显示空白变更内容
内联
并排
Showing
4 changed file
with
20 addition
and
42 deletion
+20
-42
.hgtags
.hgtags
+5
-0
THIRD_PARTY_README
THIRD_PARTY_README
+5
-10
src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java
...hare/classes/com/sun/tools/javadoc/JavaScriptScanner.java
+5
-31
test/tools/javadoc/TestScriptInComment.java
test/tools/javadoc/TestScriptInComment.java
+5
-1
未找到文件。
.hgtags
浏览文件 @
43640b26
...
...
@@ -1012,3 +1012,8 @@ d859443cacf81207f0879e9f21810b102afdb240 jdk8u232-b01
3de2732a8241c8c85a85942f7341ad48491976d9 jdk8u232-b04
415c49110391d46dbb9be24154c2ad1b4157790a jdk8u232-b05
2338eb5fa755608b47e12ae1d8baa217cd64ee98 jdk8u242-b00
dd568d0e5e10a0dfc05ace7f16bbac5ad6eddde5 jdk8u232-b06
3b3a43588afb9fbdb1b95c475a11d3529a3d9cb5 jdk8u232-b07
4bc16c3608302128648e92c80f3b396372471383 jdk8u232-b08
735048c9f2d6835b76a436beffd29565f28a2a36 jdk8u232-b09
735048c9f2d6835b76a436beffd29565f28a2a36 jdk8u232-ga
THIRD_PARTY_README
浏览文件 @
43640b26
...
...
@@ -2130,13 +2130,13 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice
-------------------------------------------------------------------------------
%% This notice is provided with respect to PC/SC Lite
for Suse Linux v.1.1.1
,
%% This notice is provided with respect to PC/SC Lite
v1.8.24
,
which may be included with JRE 8, JDK 8, and OpenJDK 8 on Linux and Solaris.
--- begin of LICENSE ---
Copyright (c) 1999-200
4
David Corcoran <corcoran@linuxnet.com>
Copyright (c)
1999-2004 Ludovic Rousseau <ludovic.rousseau (at)
free.fr>
Copyright (c) 1999-200
3
David Corcoran <corcoran@linuxnet.com>
Copyright (c)
2001-2011 Ludovic Rousseau <ludovic.rousseau@
free.fr>
All rights reserved.
Redistribution and use in source and binary forms, with or without
...
...
@@ -2148,12 +2148,7 @@ are met:
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by:
David Corcoran <corcoran@linuxnet.com>
http://www.linuxnet.com (MUSCLE)
4. The name of the author may not be used to endorse or promote products
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
Changes to this license can be made only by the copyright author with
...
...
src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java
浏览文件 @
43640b26
...
...
@@ -68,12 +68,10 @@ public class JavaScriptScanner {
private
boolean
newline
=
true
;
Map
<
String
,
TagParser
>
tagParsers
;
Set
<
String
>
eventAttrs
;
Set
<
String
>
uriAttrs
;
public
JavaScriptScanner
()
{
initTagParsers
();
initEventAttrs
();
initURIAttrs
();
}
...
...
@@ -100,7 +98,11 @@ public class JavaScriptScanner {
private
void
checkHtmlAttr
(
String
name
,
String
value
)
{
String
n
=
name
.
toLowerCase
(
Locale
.
ENGLISH
);
if
(
eventAttrs
.
contains
(
n
)
// https://www.w3.org/TR/html52/fullindex.html#attributes-table
// See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers
// An event handler has a name, which always starts with "on" and is followed by
// the name of the event for which it is intended.
if
(
n
.
startsWith
(
"on"
)
||
uriAttrs
.
contains
(
n
)
&&
value
!=
null
&&
value
.
toLowerCase
(
Locale
.
ENGLISH
).
trim
().
startsWith
(
"javascript:"
))
{
reporter
.
report
();
...
...
@@ -1060,34 +1062,6 @@ public class JavaScriptScanner {
}
private
void
initEventAttrs
()
{
eventAttrs
=
new
HashSet
<>(
Arrays
.
asList
(
// See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler
"onabort"
,
"onblur"
,
"oncanplay"
,
"oncanplaythrough"
,
"onchange"
,
"onclick"
,
"oncontextmenu"
,
"ondblclick"
,
"ondrag"
,
"ondragend"
,
"ondragenter"
,
"ondragleave"
,
"ondragover"
,
"ondragstart"
,
"ondrop"
,
"ondurationchange"
,
"onemptied"
,
"onended"
,
"onerror"
,
"onfocus"
,
"oninput"
,
"oninvalid"
,
"onkeydown"
,
"onkeypress"
,
"onkeyup"
,
"onload"
,
"onloadeddata"
,
"onloadedmetadata"
,
"onloadstart"
,
"onmousedown"
,
"onmousemove"
,
"onmouseout"
,
"onmouseover"
,
"onmouseup"
,
"onmousewheel"
,
"onpause"
,
"onplay"
,
"onplaying"
,
"onprogress"
,
"onratechange"
,
"onreadystatechange"
,
"onreset"
,
"onscroll"
,
"onseeked"
,
"onseeking"
,
"onselect"
,
"onshow"
,
"onstalled"
,
"onsubmit"
,
"onsuspend"
,
"ontimeupdate"
,
"onvolumechange"
,
"onwaiting"
,
// See https://www.w3.org/TR/html4/sgml/dtd.html
// Most of the attributes that take a %Script are also defined as event handlers
// in HTML 5. The one exception is onunload.
// "onchange", "onclick", "ondblclick", "onfocus",
// "onkeydown", "onkeypress", "onkeyup", "onload",
// "onmousedown", "onmousemove", "onmouseout", "onmouseover",
// "onmouseup", "onreset", "onselect", "onsubmit",
"onunload"
));
}
private
void
initURIAttrs
()
{
uriAttrs
=
new
HashSet
<>(
Arrays
.
asList
(
// See https://www.w3.org/TR/html4/sgml/dtd.html
...
...
test/tools/javadoc/TestScriptInComment.java
浏览文件 @
43640b26
...
...
@@ -25,7 +25,7 @@
/**
* @test
* @bug 8138725
* @bug 8138725
8226765
* @summary test --allow-script-in-comments
* @run main TestScriptInComment
*/
...
...
@@ -65,6 +65,10 @@ public class TestScriptInComment {
WS
(
"< script >#ALERT</script>"
,
false
,
"-Xdoclint:none"
),
// script tag with invalid white space
SA
(
"<script src=\"file\"> #ALERT </script>"
,
true
),
// script tag with an attribute
ON
(
"<a onclick='#ALERT'>x</a>"
,
true
),
// event handler attribute
OME
(
"<img alt='1' onmouseenter='#ALERT'>"
,
true
),
// onmouseenter event handler attribute
OML
(
"<img alt='1' onmouseleave='#ALERT'>"
,
true
),
// onmouseleave event handler attribute
OFI
(
"<a href='#' onfocusin='#ALERT'>x</a>"
,
true
),
// onfocusin event handler attribute
OBE
(
"<a onbogusevent='#ALERT'>x</a>"
,
true
),
// bogus/future event handler attribute
URI
(
"<a href='javascript:#ALERT'>x</a>"
,
true
);
// javadcript URI
/**
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录