On Fri, 15 Nov 2024 20:12:13 GMT, Roger Riggs <rri...@openjdk.org> wrote:
>> Is that sure? We might have custom handlers there (ContentHandlerFactory is >> a public exported service interface) - some of them might be throwing >> `SecurityException` for reasons of their own. That's why I was >> conservatively keeping this code. Please let me know if you think I should >> just throw SCE now in that case. > > A thrown SecurityException (from a provider) would be handled as any other > RuntimeException. > It is not specified that Providers can throw SecurityException and expect it > to be ignored. > It may be worth a release note, though. I did remove a catch `SecurityException` around a call to `InetAddress.getByName` in `java.net.URL` though. We know that `InetAddress.getByName` no longer throws `SecurityException`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22153#discussion_r1844412397
