-
Bug
-
Resolution: Unresolved
-
P3
-
8, 9, 11, 15, 16
-
x86
-
linux
FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
Every file name that starts with "<html>" [1] triggers HTML renderer
which may confuse users and cause security and stability issues.
This can be reproduced probably in all JDK versions.
[1] http://www.oracle.com/technetwork/java/seccodeguide-139067.html#3-7
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Open javax.swing.JFileChooser (e.g. the one in jdk-demos/demo/jfc/FileChooserDemo)
2. Click "New Folder"
3. Enter new name that starts with <html>:
<html><h1 color=#ff00ff><font face="Comic Sans MS">SWING ROCKS!!!111
(huge pink banner)
<html><object classid=javax.swing.JTree>
(instantiate and display a JTree object via creepy ObjectView's [1] syntax)
Note that on Windows platform it may be
impossible to create such name by default.
[1] http://docs.oracle.com/javase/8/docs/api/javax/swing/text/html/ObjectView.html
REPRODUCIBILITY :
This bug can be reproduced always.
A DESCRIPTION OF THE PROBLEM :
Every file name that starts with "<html>" [1] triggers HTML renderer
which may confuse users and cause security and stability issues.
This can be reproduced probably in all JDK versions.
[1] http://www.oracle.com/technetwork/java/seccodeguide-139067.html#3-7
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Open javax.swing.JFileChooser (e.g. the one in jdk-demos/demo/jfc/FileChooserDemo)
2. Click "New Folder"
3. Enter new name that starts with <html>:
<html><h1 color=#ff00ff><font face="Comic Sans MS">SWING ROCKS!!!111
(huge pink banner)
<html><object classid=javax.swing.JTree>
(instantiate and display a JTree object via creepy ObjectView's [1] syntax)
Note that on Windows platform it may be
impossible to create such name by default.
[1] http://docs.oracle.com/javase/8/docs/api/javax/swing/text/html/ObjectView.html
REPRODUCIBILITY :
This bug can be reproduced always.
