Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8139228

JFileChooser renders file names as HTML document

XMLWordPrintable

    • b25
    • x86
    • linux

        FULL PRODUCT VERSION :


        A DESCRIPTION OF THE PROBLEM :
        Every file name that starts with "<html>" [1] triggers HTML renderer
        which may confuse users and cause security and stability issues.

        This can be reproduced probably in all JDK versions.

        [1] http://www.oracle.com/technetwork/java/seccodeguide-139067.html#3-7

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1. Open javax.swing.JFileChooser (e.g. the one in jdk-demos/demo/jfc/FileChooserDemo)
        2. Click "New Folder"
        3. Enter new name that starts with <html>:

        <html><h1 color=#ff00ff><font face="Comic Sans MS">SWING ROCKS!!!111
        (huge pink banner)

        <html><object classid=javax.swing.JTree>
        (instantiate and display a JTree object via creepy ObjectView's [1] syntax)

        Note that on Windows platform it may be
        impossible to create such name by default.

        [1] http://docs.oracle.com/javase/8/docs/api/javax/swing/text/html/ObjectView.html


        REPRODUCIBILITY :
        This bug can be reproduced always.

          1. Capture.PNG
            Capture.PNG
            19 kB
          2. Capture1.PNG
            Capture1.PNG
            19 kB
          3. Filechooser.java
            0.6 kB

              tr Tejesh R
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: