[cp-patches] Patch: Security warning for appletviewer

Lillian Angel langel at redhat.com
Mon Jun 5 14:19:40 UTC 2006


I worked with fitzsim to add a security warning for each applet loaded.
The user has the choice to load (trust) the applet, cancel the loading
of the applet, or load the applet and add the address to a whitelist.
This whitelist is a file that contains a list of applets that the user
would like to trust indefinitely.

All temp appletviewer files and the whitelist are stored in
the .mozilla/plugins/gcjwebplugin-data/ directory.

Tom has checked over all the code and has cleaned it up. This has been
committed. Please comment.

2006-06-05  Lillian Angel  <langel at redhat.com>

        * native/plugin/Makefile.am:
        Fixed to use a set plugin directory in the .mozilla directory.
        All applet logs are now stored here, instead of /tmp.
        * native/plugin/gcjwebplugin.cc:
        Added new fields for security warning.
        (GCJ_NEW): Added code to generate a security warning for all 
	pages that spawn an appletviewer. This warning asks the user if 
	they trust the applet and if they would like to add it to a 
	'whitelist'. This whitelist keeps track of all the addresses 
	the user would like to trust indefinitely.
        (plugin_user_trusts_documentbase): New helper function.
        (plugin_add_documentbase_to_whitelist): New helper function.
        (plugin_ask_user_about_documentbase): New helper function.
        (plugin_in_pipe_callback): Fixed check to determine if 
	channel_error has been set.
        (plugin_start_appletviewer): Likewise.
        (plugin_create_applet_tag):  Reset all fields to null after 
	they have been freed.
        (plugin_send_message_to_appletviewer): Fixed all error checks 
	to determine if channel_error has been set.
        (plugin_stop_appletviewer): Likewise.
        (NP_Initialize): Likewise. Also, added code to determine if 
	directory and file should be created.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cp.diff
Type: text/x-patch
Size: 27171 bytes
Desc: not available
Url : http://developer.classpath.org/pipermail/classpath-patches/attachments/20060605/8739ff28/cp-0001.bin


More information about the Classpath-patches mailing list