Mon, 12 Aug 2019 13:24:23 -0700
8226765: Commentary on Javadoc comments
Reviewed-by: jjg, rhalade, skoivu
1.1 --- a/src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java Thu Sep 26 07:17:41 2019 +0100 1.2 +++ b/src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java Mon Aug 12 13:24:23 2019 -0700 1.3 @@ -68,12 +68,10 @@ 1.4 private boolean newline = true; 1.5 1.6 Map<String, TagParser> tagParsers; 1.7 - Set<String> eventAttrs; 1.8 Set<String> uriAttrs; 1.9 1.10 public JavaScriptScanner() { 1.11 initTagParsers(); 1.12 - initEventAttrs(); 1.13 initURIAttrs(); 1.14 } 1.15 1.16 @@ -100,7 +98,11 @@ 1.17 1.18 private void checkHtmlAttr(String name, String value) { 1.19 String n = name.toLowerCase(Locale.ENGLISH); 1.20 - if (eventAttrs.contains(n) 1.21 + // https://www.w3.org/TR/html52/fullindex.html#attributes-table 1.22 + // See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers 1.23 + // An event handler has a name, which always starts with "on" and is followed by 1.24 + // the name of the event for which it is intended. 1.25 + if (n.startsWith("on") 1.26 || uriAttrs.contains(n) 1.27 && value != null && value.toLowerCase(Locale.ENGLISH).trim().startsWith("javascript:")) { 1.28 reporter.report(); 1.29 @@ -1060,34 +1062,6 @@ 1.30 1.31 } 1.32 1.33 - private void initEventAttrs() { 1.34 - eventAttrs = new HashSet<>(Arrays.asList( 1.35 - // See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler 1.36 - "onabort", "onblur", "oncanplay", "oncanplaythrough", 1.37 - "onchange", "onclick", "oncontextmenu", "ondblclick", 1.38 - "ondrag", "ondragend", "ondragenter", "ondragleave", 1.39 - "ondragover", "ondragstart", "ondrop", "ondurationchange", 1.40 - "onemptied", "onended", "onerror", "onfocus", "oninput", 1.41 - "oninvalid", "onkeydown", "onkeypress", "onkeyup", 1.42 - "onload", "onloadeddata", "onloadedmetadata", "onloadstart", 1.43 - "onmousedown", "onmousemove", "onmouseout", "onmouseover", 1.44 - "onmouseup", "onmousewheel", "onpause", "onplay", 1.45 - "onplaying", "onprogress", "onratechange", "onreadystatechange", 1.46 - "onreset", "onscroll", "onseeked", "onseeking", 1.47 - "onselect", "onshow", "onstalled", "onsubmit", "onsuspend", 1.48 - "ontimeupdate", "onvolumechange", "onwaiting", 1.49 - 1.50 - // See https://www.w3.org/TR/html4/sgml/dtd.html 1.51 - // Most of the attributes that take a %Script are also defined as event handlers 1.52 - // in HTML 5. The one exception is onunload. 1.53 - // "onchange", "onclick", "ondblclick", "onfocus", 1.54 - // "onkeydown", "onkeypress", "onkeyup", "onload", 1.55 - // "onmousedown", "onmousemove", "onmouseout", "onmouseover", 1.56 - // "onmouseup", "onreset", "onselect", "onsubmit", 1.57 - "onunload" 1.58 - )); 1.59 - } 1.60 - 1.61 private void initURIAttrs() { 1.62 uriAttrs = new HashSet<>(Arrays.asList( 1.63 // See https://www.w3.org/TR/html4/sgml/dtd.html
2.1 --- a/test/tools/javadoc/TestScriptInComment.java Thu Sep 26 07:17:41 2019 +0100 2.2 +++ b/test/tools/javadoc/TestScriptInComment.java Mon Aug 12 13:24:23 2019 -0700 2.3 @@ -25,7 +25,7 @@ 2.4 2.5 /** 2.6 * @test 2.7 - * @bug 8138725 2.8 + * @bug 8138725 8226765 2.9 * @summary test --allow-script-in-comments 2.10 * @run main TestScriptInComment 2.11 */ 2.12 @@ -65,6 +65,10 @@ 2.13 WS("< script >#ALERT</script>", false, "-Xdoclint:none"), // script tag with invalid white space 2.14 SA("<script src=\"file\"> #ALERT </script>", true), // script tag with an attribute 2.15 ON("<a onclick='#ALERT'>x</a>", true), // event handler attribute 2.16 + OME("<img alt='1' onmouseenter='#ALERT'>", true), // onmouseenter event handler attribute 2.17 + OML("<img alt='1' onmouseleave='#ALERT'>", true), // onmouseleave event handler attribute 2.18 + OFI("<a href='#' onfocusin='#ALERT'>x</a>", true), // onfocusin event handler attribute 2.19 + OBE("<a onbogusevent='#ALERT'>x</a>", true), // bogus/future event handler attribute 2.20 URI("<a href='javascript:#ALERT'>x</a>", true); // javadcript URI 2.21 2.22 /**