On 5/4/2013 12:12 AM, Alan Bateman wrote:
On 03/05/2013 19:02, huizhe wang wrote:
:
Removed the repetitive "value" definition from the
setAttribute/setProperty methods. The open statements already have
references to the properties in XMLConstants.
Updated to:
"The default value is implementation specific and therefore not
specified. The following options are provided for consideration:"
The 2nd paragraph already had the "recommendation" when FSP is set to
true (same as in the JEP).
I looked at the updated webrev, again mostly focusing on the
javadoc/spec changes, and this looks much better.
One comment on the "options for consideration" is that it reads "an
empty string to allow no access permission". This might be better as
"an empty string to deny all access to external references".
Done.
In each of the setProperty methods it specifies the exception that are
thrown when a connection is denied. For example in TransformerFactory
it reads "If access is denied during processing due to the restriction
of this property,TransformerConfigurationExceptionwill be thrown by
TransformerFactory". In this case I thought it was Transformer but
more generally the wording doesn't make it clear that it's the parse
or transform or whatever methods that throw the exceptions.
I added more details to TransformerFactory, SchemaFactory and Validator
on what exception is thrown by which method(s), e.g.
*
Access to external DTDs in the source file is restricted to the
protocols specified by the |XMLConstants.ACCESS_EXTERNAL_DTD|
<cid:part1.07080702.03030300@oracle.com> property. If access is
denied during transformation due to the restriction of this
property, |TransformerException|
<cid:part2.01080007.04090706@oracle.com> will be thrown by
|Transformer.transform(Source, Result)|
<cid:part3.07000806.00060704@oracle.com>.
Access to external DTDs in the stylesheet is restricted to the
protocols specified by the |XMLConstants.ACCESS_EXTERNAL_DTD|
<cid:part1.07080702.03030300@oracle.com> property. If access is
denied during the creation of a new transformer due to the
restriction of this property, |TransformerConfigurationException|
will be thrown by the |newTransformer(Source)|
<cid:part5.03040905.02050701@oracle.com> method.
Access to external reference set by the stylesheet processing
instruction, Import and Include element is restricted to the
protocols specified by the |XMLConstants.ACCESS_EXTERNAL_STYLESHEET|
<cid:part6.08070909.09090902@oracle.com> property. If access is
denied during the creation of a new transformer due to the
restriction of this property, |TransformerConfigurationException|
<cid:part7.06070206.07030601@oracle.com> will be thrown by the
|newTransformer(Source)| <cid:part5.03040905.02050701@oracle.com>
method.
Access to external document through XSLT document function is
restricted to the protocols specified by the property. If access is
denied during the transformation due to the restriction of this
property, |TransformerException|
<cid:part2.01080007.04090706@oracle.com> will be thrown by the
|Transformer.transform(Source, Result)|
<cid:part3.07000806.00060704@oracle.com> method.
I agree with Daniel's comment that it is hard to completely assess
whether all code paths have been identified. It's a reminder that this
one needs extensive testing.
True. I've added 176 new tests. JCK team is also testing using the
current build of JAXP RI. I will also run regression tests.
The new webrev included fixes to a couple of test failures in the last
JPRT build.
http://cr.openjdk.java.net/~joehw/jdk8/8011653/webrev/
Thanks,
Joe
-Alan
