Maybe yes. The recent insecure approach comes from the historcal past.
Mark Wielaard wrote:
Hi,
After the last discussion about TransferHandler and security issues it
seemed safer to me to just disallow any copy/paste between untrusted
code paths as was suggested earlier.
2005-12-04 Mark Wielaard <[EMAIL PROTECTED]>
* javax/swing/TransferHandler
(TransferAction.actionPerformed): Beep and return when clipboard
is null.
(getClipboard): Return null when access denied.
(clipboard): Removed static field.
Committed,
Mark
------------------------------------------------------------------------
Index: javax/swing/TransferHandler.java
===================================================================
RCS file: /cvsroot/classpath/classpath/javax/swing/TransferHandler.java,v
retrieving revision 1.12
diff -u -r1.12 TransferHandler.java
--- javax/swing/TransferHandler.java 22 Nov 2005 16:07:57 -0000 1.12
+++ javax/swing/TransferHandler.java 4 Dec 2005 19:50:34 -0000
@@ -1,5 +1,5 @@
/* TransferHandler.java --
- Copyright (C) 2004 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -43,6 +43,7 @@
import java.awt.datatransfer.Transferable;
import java.awt.event.ActionEvent;
import java.awt.event.InputEvent;
+import java.awt.Toolkit;
import java.io.Serializable;
public class TransferHandler implements Serializable
@@ -62,6 +63,13 @@
TransferHandler transferHandler = component.getTransferHandler();
Clipboard clipboard = getClipboard(component);
+ if (clipboard == null)
+ {
+ // Access denied!
+ Toolkit.getDefaultToolkit().beep();
+ return;
+ }
+
if (command.equals(COMMAND_COPY))
transferHandler.exportToClipboard(component, clipboard, COPY);
else if (command.equals(COMMAND_CUT))
@@ -76,8 +84,8 @@
}
/**
- * Get the system cliboard. If not available, create and return the
VM-local
- * clipboard.
+ * Get the system cliboard or null if the caller isn't allowed to
+ * access the system clipboard.
*
* @param component a component, used to get the toolkit.
* @return the clipboard
@@ -85,22 +93,13 @@
private static Clipboard getClipboard(JComponent component)
{
try
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkSystemClipboardAccess();
-
- // We may access the system clipboard.
- return component.getToolkit().getSystemClipboard();
- }
- catch (Exception e)
- {
- // We may not access system clipboard.
- // Create VM-local clipboard if none exists yet.
- if (clipboard == null)
- clipboard = new Clipboard("Clipboard");
- return clipboard;
- }
+ {
+ return component.getToolkit().getSystemClipboard();
+ }
+ catch (SecurityException se)
+ {
+ return null;
+ }
}
}
@@ -118,12 +117,6 @@
private static Action copyAction = new TransferAction(COMMAND_COPY);
private static Action cutAction = new TransferAction(COMMAND_CUT);
private static Action pasteAction = new TransferAction(COMMAND_PASTE);
-
- /**
- * Clipboard if system clipboard may not be used.
- * Package-private to avoid an accessor method.
- */
- static Clipboard clipboard;
private int sourceActions;
private Icon visualRepresentation;
------------------------------------------------------------------------
_______________________________________________
Classpath-patches mailing list
Classpath-patches@gnu.org
http://lists.gnu.org/mailman/listinfo/classpath-patches
_______________________________________________
Classpath-patches mailing list
Classpath-patches@gnu.org
http://lists.gnu.org/mailman/listinfo/classpath-patches