Since canonicalization is an important part of this API, I suggest renaming toFileURL to toCanonicalFileURL by analogy with getCanonicalFile.
Also, I'm sure your security experts have already considered the implications of following or not following symlinks when matching user-provided paths ...

On Wed, May 25, 2016 at 11:55 AM, Jiangli Zhou <jiangli.z...@oracle.com> wrote:
>
>> On May 25, 2016, at 11:43 AM, Alan Bateman <alan.bate...@oracle.com> wrote:
>>
>> On 25/05/2016 19:28, Jiangli Zhou wrote:
>>> Here is the updated webrev:
>>>
>>> http://cr.openjdk.java.net/~jiangli/8157716/webrev.01/
>> This patch changes long-standing behavior in that URLs to resources on the class
>> path will no longer be URLs to the canonical file path. It might be okay
>> but it's impossible to know. I thought the first patch was okay, except for
>> the typo that Martin pointed out.
>
> My mistake. I’ve re-updated the above webrev. Please refresh the link.
>
> Thanks,
> Jiangli
>
>>
>> -Alan
>
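
An added illustration of the symlink point raised in this message, not code from the thread or from the webrev: it shows how the same class path entry yields different file URLs depending on whether the path is canonicalized before conversion. The class name, helper names and file layout are constructed for the demo, and it assumes a platform where the process is allowed to create symbolic links.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: class, method and file names are hypothetical.
public class CanonicalUrlDemo {

    // Non-canonical form: absolute and normalized, symlinks left in place.
    static URL plainUrl(Path p) throws IOException {
        return p.toAbsolutePath().normalize().toUri().toURL();
    }

    // Canonical form: goes through File.getCanonicalFile(), which resolves
    // symlinks on platforms that support them.
    static URL canonicalUrl(Path p) throws IOException {
        return p.toFile().getCanonicalFile().toURI().toURL();
    }

    // Compare URLs by their string form; URL.equals() may do host lookups.
    static boolean sameUrl(URL a, URL b) {
        return a.toExternalForm().equals(b.toExternalForm());
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/real/app.jar, and <tmp>/link -> <tmp>/real
        Path dir = Files.createTempDirectory("cp-demo");
        Path real = Files.createDirectory(dir.resolve("real"));
        Path jar = Files.createFile(real.resolve("app.jar"));
        Path link = Files.createSymbolicLink(dir.resolve("link"), real);
        Path viaLink = link.resolve("app.jar");

        System.out.println("plain, via symlink:     " + plainUrl(viaLink));
        System.out.println("canonical, via symlink: " + canonicalUrl(viaLink));

        // A rule keyed on the user-supplied spelling does not match the
        // real location unless both sides are canonicalized first.
        System.out.println("plain URLs match:     "
                + sameUrl(plainUrl(viaLink), plainUrl(jar)));          // false
        System.out.println("canonical URLs match: "
                + sameUrl(canonicalUrl(viaLink), canonicalUrl(jar)));  // true

        // Clean up the constructed files.
        Files.delete(link);
        Files.delete(jar);
        Files.delete(real);
        Files.delete(dir);
    }
}
```

Any component that matches user-provided paths against such URLs needs to apply the same form on both sides of the comparison, which is why a change in whether class path URLs are canonical can alter matching behaviour.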