Since canonicalization is an important part of this API, I suggest
renaming toFileURL to
toCanonicalFileURL by analogy with getCanonicalFile.

Also, I'm sure your security experts have already considered the
implications of following or not following symlinks when matching
user-provided paths ...

On Wed, May 25, 2016 at 11:55 AM, Jiangli Zhou <jiangli.z...@oracle.com> wrote:
>
>> On May 25, 2016, at 11:43 AM, Alan Bateman <alan.bate...@oracle.com> wrote:
>>
>>
>>
>> On 25/05/2016 19:28, Jiangli Zhou wrote:
>>> Here is the updated webrev:
>>>
>>>   http://cr.openjdk.java.net/~jiangli/8157716/webrev.01/
>> This patch changes long standing behavior in URLs to resources on the class 
>> path will no longer be URLs to the canonical file path. It's might be okay 
>> but it's impossible to know. I thought the first patch was okay, except for 
>> the typo that Martin pointed out.
>
> My mistake. I’ve re-updated the above webrev. Please refresh the link.
>
> Thanks,
> Jiangli
>
>>
>> -Alan
>

Reply via email to