>> Because addResourceBundle() was modified to «not» allow the users to expose >> internal resource bundles(for example the users are not able to read content >> of some random bundle), only if internal bundles were registered already by >> java.desktop the user will be able to change/override/remove the data in >> UIDefauls since this data is accessible already to him(via custom resource >> bundle or via UIDefault.put(key,value) or via removeResourceBundle()). > Why not to allow user to load any resource bundle from the java.desktop > module assuming that we allow user to modify UIDefaults resource bandles > arbitrary? Which violation may take place because of still enabling this?
Because it is a way to read the data from internal resource bundle. The user can load this data to UIDefaults and read it. This is unrelated to the modification of UIDefault itself, it is related to the fact that private data can be read. > Why specification of the addResourceBundle() doesn't reflect this limitation? > It is obvious that the fix bears impact in compatibility. The current spec will allow us to revert back the fix, if the impact on the applications will be hight, but for now it is not expected.
