Hi,
On Sun, 2005-11-13 at 21:06 +0100, Meskauskas Audrius wrote:
The private method getClipboard in TransferHandler was always returning
the VM local clipboard and not the system clipboard in the case when the
security manager is not installed (typical case).
With this patch, I am able to paste the external data from the system
clipboard into the text field if manually calling the .paste() method
This seems to work. But I don't understand why we are not just
completely ignoring the clipboard if we get a SecurityException. I would
propose the following patch that just makes the call to the Toolkit, the
Toolkit then does the security check, and if we get that we just ignore
the whole thing to prevent clipboard access by untrusted code.
2005-11-19 Mark Wielaard <address@hidden>
* javax/swing/TransferHandler
(TransferAction.actionPerformed): Beep and return when clipboard
is null.
(getClipboard): Return null when access denied.
(clipboard): Removed static field.
What do you think?
Also CCed to Gary since he was investigating security issues in general.
Cheers,
Mark
------------------------------------------------------------------------
Index: javax/swing/TransferHandler.java
===================================================================
RCS file: /cvsroot/classpath/classpath/javax/swing/TransferHandler.java,v
retrieving revision 1.11
diff -u -r1.11 TransferHandler.java
--- javax/swing/TransferHandler.java 13 Nov 2005 20:18:42 -0000 1.11
+++ javax/swing/TransferHandler.java 19 Nov 2005 21:25:06 -0000
@@ -1,5 +1,5 @@
/* TransferHandler.java --
- Copyright (C) 2004 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -43,6 +43,7 @@
import java.awt.datatransfer.Transferable;
import java.awt.event.ActionEvent;
import java.awt.event.InputEvent;
+import java.awt.Toolkit;
import java.io.Serializable;
public class TransferHandler implements Serializable
@@ -62,6 +63,13 @@
TransferHandler transferHandler = component.getTransferHandler();
Clipboard clipboard = getClipboard(component);
+ if (clipboard == null)
+ {
+ // Access denied!
+ Toolkit.getDefaultToolkit().beep();
+ return;
+ }
+
if (command.equals(COMMAND_COPY))
transferHandler.exportToClipboard(component, clipboard, COPY);
else if (command.equals(COMMAND_CUT))
@@ -76,37 +84,22 @@
}
/**
- * Get the system cliboard. If not available, create and return the
VM-local
- * clipboard.
+ * Get the system cliboard or null if the caller isn't allowed to
+ * access the system clipboard.
*
* @param component a component, used to get the toolkit.
* @return the clipboard
*/
private static Clipboard getClipboard(JComponent component)
{
- // Avoid throwing exception if the system clipboard access failed
- // in the past.
- if (clipboard != null)
- return clipboard;
- else
- {
- try
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkSystemClipboardAccess();
-
- // We may access system clipboard.
- return component.getToolkit().getSystemClipboard();
- }
- catch (Exception e)
- {
- // We may not access system clipboard.
- // Create VM-local clipboard if none exists yet.
- clipboard = new Clipboard("Clipboard");
- return clipboard;
- }
- }
+ try
+ {
+ return component.getToolkit().getSystemClipboard();
+ }
+ catch (SecurityException se)
+ {
+ return null;
+ }
}
}
@@ -124,12 +117,6 @@
private static Action copyAction = new TransferAction(COMMAND_COPY);
private static Action cutAction = new TransferAction(COMMAND_CUT);
private static Action pasteAction = new TransferAction(COMMAND_PASTE);
-
- /**
- * Clipboard if system clipboard may not be used.
- * Package-private to avoid an accessor method.
- */
- static Clipboard clipboard;
private int sourceActions;
private Icon visualRepresentation;