Thu, 17 Oct 2019 13:47:48 +0100
Merge
.hgtags | file | annotate | diff | comparison | revisions |
1.1 --- a/.hgtags Mon Sep 16 14:55:36 2019 +0100 1.2 +++ b/.hgtags Thu Oct 17 13:47:48 2019 +0100 1.3 @@ -1012,3 +1012,8 @@ 1.4 3de2732a8241c8c85a85942f7341ad48491976d9 jdk8u232-b04 1.5 415c49110391d46dbb9be24154c2ad1b4157790a jdk8u232-b05 1.6 2338eb5fa755608b47e12ae1d8baa217cd64ee98 jdk8u242-b00 1.7 +dd568d0e5e10a0dfc05ace7f16bbac5ad6eddde5 jdk8u232-b06 1.8 +3b3a43588afb9fbdb1b95c475a11d3529a3d9cb5 jdk8u232-b07 1.9 +4bc16c3608302128648e92c80f3b396372471383 jdk8u232-b08 1.10 +735048c9f2d6835b76a436beffd29565f28a2a36 jdk8u232-b09 1.11 +735048c9f2d6835b76a436beffd29565f28a2a36 jdk8u232-ga
2.1 --- a/THIRD_PARTY_README Mon Sep 16 14:55:36 2019 +0100 2.2 +++ b/THIRD_PARTY_README Thu Oct 17 13:47:48 2019 +0100 2.3 @@ -2130,13 +2130,13 @@ 2.4 2.5 ------------------------------------------------------------------------------- 2.6 2.7 -%% This notice is provided with respect to PC/SC Lite for Suse Linux v.1.1.1, 2.8 +%% This notice is provided with respect to PC/SC Lite v1.8.24, 2.9 which may be included with JRE 8, JDK 8, and OpenJDK 8 on Linux and Solaris. 2.10 2.11 --- begin of LICENSE --- 2.12 2.13 -Copyright (c) 1999-2004 David Corcoran <corcoran@linuxnet.com> 2.14 -Copyright (c) 1999-2004 Ludovic Rousseau <ludovic.rousseau (at) free.fr> 2.15 +Copyright (c) 1999-2003 David Corcoran <corcoran@linuxnet.com> 2.16 +Copyright (c) 2001-2011 Ludovic Rousseau <ludovic.rousseau@free.fr> 2.17 All rights reserved. 2.18 2.19 Redistribution and use in source and binary forms, with or without 2.20 @@ -2148,15 +2148,10 @@ 2.21 2. Redistributions in binary form must reproduce the above copyright 2.22 notice, this list of conditions and the following disclaimer in the 2.23 documentation and/or other materials provided with the distribution. 2.24 -3. All advertising materials mentioning features or use of this software 2.25 - must display the following acknowledgement: 2.26 - This product includes software developed by: 2.27 - David Corcoran <corcoran@linuxnet.com> 2.28 - http://www.linuxnet.com (MUSCLE) 2.29 -4. The name of the author may not be used to endorse or promote products 2.30 +3. The name of the author may not be used to endorse or promote products 2.31 derived from this software without specific prior written permission. 2.32 2.33 -Changes to this license can be made only by the copyright author with 2.34 +Changes to this license can be made only by the copyright author with 2.35 explicit written consent. 2.36 2.37 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
3.1 --- a/src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java Mon Sep 16 14:55:36 2019 +0100 3.2 +++ b/src/share/classes/com/sun/tools/javadoc/JavaScriptScanner.java Thu Oct 17 13:47:48 2019 +0100 3.3 @@ -68,12 +68,10 @@ 3.4 private boolean newline = true; 3.5 3.6 Map<String, TagParser> tagParsers; 3.7 - Set<String> eventAttrs; 3.8 Set<String> uriAttrs; 3.9 3.10 public JavaScriptScanner() { 3.11 initTagParsers(); 3.12 - initEventAttrs(); 3.13 initURIAttrs(); 3.14 } 3.15 3.16 @@ -100,7 +98,11 @@ 3.17 3.18 private void checkHtmlAttr(String name, String value) { 3.19 String n = name.toLowerCase(Locale.ENGLISH); 3.20 - if (eventAttrs.contains(n) 3.21 + // https://www.w3.org/TR/html52/fullindex.html#attributes-table 3.22 + // See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers 3.23 + // An event handler has a name, which always starts with "on" and is followed by 3.24 + // the name of the event for which it is intended. 3.25 + if (n.startsWith("on") 3.26 || uriAttrs.contains(n) 3.27 && value != null && value.toLowerCase(Locale.ENGLISH).trim().startsWith("javascript:")) { 3.28 reporter.report(); 3.29 @@ -1060,34 +1062,6 @@ 3.30 3.31 } 3.32 3.33 - private void initEventAttrs() { 3.34 - eventAttrs = new HashSet<>(Arrays.asList( 3.35 - // See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler 3.36 - "onabort", "onblur", "oncanplay", "oncanplaythrough", 3.37 - "onchange", "onclick", "oncontextmenu", "ondblclick", 3.38 - "ondrag", "ondragend", "ondragenter", "ondragleave", 3.39 - "ondragover", "ondragstart", "ondrop", "ondurationchange", 3.40 - "onemptied", "onended", "onerror", "onfocus", "oninput", 3.41 - "oninvalid", "onkeydown", "onkeypress", "onkeyup", 3.42 - "onload", "onloadeddata", "onloadedmetadata", "onloadstart", 3.43 - "onmousedown", "onmousemove", "onmouseout", "onmouseover", 3.44 - "onmouseup", "onmousewheel", "onpause", "onplay", 3.45 - "onplaying", "onprogress", "onratechange", "onreadystatechange", 3.46 - "onreset", "onscroll", "onseeked", "onseeking", 3.47 - "onselect", "onshow", "onstalled", "onsubmit", "onsuspend", 3.48 - "ontimeupdate", "onvolumechange", "onwaiting", 3.49 - 3.50 - // See https://www.w3.org/TR/html4/sgml/dtd.html 3.51 - // Most of the attributes that take a %Script are also defined as event handlers 3.52 - // in HTML 5. The one exception is onunload. 3.53 - // "onchange", "onclick", "ondblclick", "onfocus", 3.54 - // "onkeydown", "onkeypress", "onkeyup", "onload", 3.55 - // "onmousedown", "onmousemove", "onmouseout", "onmouseover", 3.56 - // "onmouseup", "onreset", "onselect", "onsubmit", 3.57 - "onunload" 3.58 - )); 3.59 - } 3.60 - 3.61 private void initURIAttrs() { 3.62 uriAttrs = new HashSet<>(Arrays.asList( 3.63 // See https://www.w3.org/TR/html4/sgml/dtd.html
4.1 --- a/test/tools/javadoc/TestScriptInComment.java Mon Sep 16 14:55:36 2019 +0100 4.2 +++ b/test/tools/javadoc/TestScriptInComment.java Thu Oct 17 13:47:48 2019 +0100 4.3 @@ -25,7 +25,7 @@ 4.4 4.5 /** 4.6 * @test 4.7 - * @bug 8138725 4.8 + * @bug 8138725 8226765 4.9 * @summary test --allow-script-in-comments 4.10 * @run main TestScriptInComment 4.11 */ 4.12 @@ -65,6 +65,10 @@ 4.13 WS("< script >#ALERT</script>", false, "-Xdoclint:none"), // script tag with invalid white space 4.14 SA("<script src=\"file\"> #ALERT </script>", true), // script tag with an attribute 4.15 ON("<a onclick='#ALERT'>x</a>", true), // event handler attribute 4.16 + OME("<img alt='1' onmouseenter='#ALERT'>", true), // onmouseenter event handler attribute 4.17 + OML("<img alt='1' onmouseleave='#ALERT'>", true), // onmouseleave event handler attribute 4.18 + OFI("<a href='#' onfocusin='#ALERT'>x</a>", true), // onfocusin event handler attribute 4.19 + OBE("<a onbogusevent='#ALERT'>x</a>", true), // bogus/future event handler attribute 4.20 URI("<a href='javascript:#ALERT'>x</a>", true); // javadcript URI 4.21 4.22 /**