On Wed, 2 Jun 2021 01:14:39 GMT, Sergey Bylokhov <s...@openjdk.org> wrote:

> Some useful documentation was added to the JPasswordField.

> _Mailing list message from [Alan Snyder](mailto:javali...@cbfiddle.com) on 
> [swing-dev](mailto:swing-...@mail.openjdk.java.net):_
> How about:
> For security reasons, JPasswordField does not display the entered text. (Some 
> UIs may allow the user to request the display of the entered text.)

Your text is already described in the JPasswordField; this is what this 
component was created for. The current update is just a note that even if the 
entered text is not displayed to the user, it is still in the heap and can be 
accessed. The security guide will provide some useful information about such 
cases.

> It is a text field. It displays Unicode text. Nothing else. It can't display 
> a graphic such as a dot unless it is a Unicode assigned code point. So if we 
> want to re-define text across the platform to exclude some subset of Unicode 
> it will be a questionable and difficult job and this informational comment 
> isn't the place to start.

In fact, the JPasswordField is not a text component, and the UI "can use whatever 
graphic techniques it desires to represent the field". This is the reason why 
the initial text in this fix contained "The text entered in {@code 
JPasswordField} displays something that was typed". So yes, it really may 
contain something that was typed, as opposed to "displays that something was 
typed".

-------------

PR: https://git.openjdk.java.net/jdk/pull/4296
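
The point made in this message, that the entered characters remain on the heap even though they are not displayed, shown as an added Java example (not part of the original message or of the JDK change). The class and helper names are hypothetical, the sample password is constructed, and SHA-256 stands in for whatever verifier the application really uses.

```java
import javax.swing.JPasswordField;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class PasswordFieldHeapDemo {

    // Hypothetical helper: digest the password without ever building a String,
    // then wipe the intermediate byte copies made during encoding.
    static byte[] sha256(char[] password) throws Exception {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        try {
            return MessageDigest.getInstance("SHA-256").digest(bytes);
        } finally {
            Arrays.fill(bytes, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    // Reads the field through getPassword(), which returns a fresh char[] copy
    // that the caller owns and can overwrite once it is no longer needed.
    static boolean check(JPasswordField field, byte[] expectedDigest) throws Exception {
        char[] entered = field.getPassword();
        try {
            // MessageDigest.isEqual compares the digests in constant time.
            return MessageDigest.isEqual(sha256(entered), expectedDigest);
        } finally {
            Arrays.fill(entered, '\0'); // wipe our copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        JPasswordField field = new JPasswordField();
        field.setText("constructed-sample"); // stands in for the user typing
        byte[] expected = sha256("constructed-sample".toCharArray());
        System.out.println(check(field, expected));
        // Avoid field.getText() and new String(field.getPassword()): a String is
        // immutable, so that copy cannot be wiped and lives until it is collected.
    }
}
```

Wiping the returned array only clears the caller's copy; the field's own document model still holds the characters until the field is cleared or discarded.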
