On Mon, 31 Oct 2022 20:11:34 GMT, Jim Laskey <jlas...@openjdk.org> wrote:

>> Enhance the Java programming language with string templates, which are 
>> similar to string literals but contain embedded expressions. A string 
>> template is interpreted at run time by replacing each expression with the 
>> result of evaluating that expression, possibly after further validation and 
>> transformation. This is a [preview language feature and 
>> API](http://openjdk.java.net/jeps/12).
>
> Jim Laskey has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Add @SafeVarargs declarations

src/java.base/share/classes/java/lang/template/TemplateRuntime.java line 99:

> 97:     private static <E> List<E> toList(E... elements) {
> 98:         return JUCA.listFromTrustedArrayNullsAllowed(elements);
> 99:     }

I'm ok with using JUCA to create an unmodifiable list that can contain nulls.

However, it "trusts" the argument array, meaning that the array is assumed to 
be referenced exclusively and so the array reference is used directly in the 
resulting List object. That implies that one needs to be very careful about the 
array that gets passed in, otherwise, the resulting List might not actually be 
unmodifiable.

In particular, the call site in StringTemplate.of()

https://github.com/openjdk/jdk/pull/10889/files#diff-d4e02e5ead5ad4f2cfe509c58d1145f599285cd6736bbf37e4116045b2fd50bcR309

passes the array obtained from a List parameter that comes directly from a 
public call, meaning that malicious code could keep a reference to the array 
returned by `toArray` and modify it later. You could clone the array, or just 
revert back to the slow path.

-------------

PR: https://git.openjdk.org/jdk/pull/10889
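
The aliasing problem raised in the review above, as an added example that is not part of the original message or the JDK sources. `listFromTrustedArray`, `LeakyList`, `unsafeOf` and `safeOf` are hypothetical stand-ins (the real JUCA accessor is JDK-internal); the stand-in is assumed to wrap the array without copying, as the review describes.

```java
import java.util.AbstractList;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class TrustedArrayDemo {
    // Hypothetical stand-in for a "trusted array" list factory: wraps the array
    // without copying, so the list is only as immutable as the array is private.
    static <E> List<E> listFromTrustedArray(E[] elements) {
        return new AbstractList<E>() {
            @Override public E get(int i) { return elements[i]; }
            @Override public int size() { return elements.length; }
        };
    }

    // Caller-controlled List (constructed for this example) whose toArray()
    // returns an array that the caller keeps a reference to.
    static final class LeakyList extends ArrayList<Object> {
        final Object[] retained;
        LeakyList(Object... values) {
            super(Arrays.asList(values));
            retained = values.clone();
        }
        @Override public Object[] toArray() { return retained; }
    }

    // Unsafe: trusts an array obtained from a caller-supplied List.
    static List<Object> unsafeOf(List<?> values) {
        return listFromTrustedArray(values.toArray());
    }

    // Safe: clones first, so the wrapped array is referenced exclusively.
    static List<Object> safeOf(List<?> values) {
        return listFromTrustedArray(values.toArray().clone());
    }

    public static void main(String[] args) {
        LeakyList input = new LeakyList("a", "b");
        List<Object> unsafe = unsafeOf(input);
        List<Object> safe = safeOf(input);
        input.retained[0] = "changed";      // write through the retained reference
        System.out.println(unsafe.get(0));  // the "unmodifiable" list sees the write
        System.out.println(safe.get(0));    // the cloned array is unaffected
    }
}
```

Both lists reject `set` and `add`, yet only the one built from the cloned array keeps its contents stable after the caller writes to the array it retained.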
