Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8185991

Illegal SystemId causes TransformerFactory to compute an illegal classname

    Details

    • Type: Bug
    • Status: Open
    • Priority: P5
    • Resolution: Unresolved
    • Affects Version/s: 10
    • Fix Version/s: tbd
    • Component/s: xml
    • Labels:
      None
    • Subcomponent:

      Description

      There are two issues.

      (1) No validation in Source::setSystemId​(String systemId)
           The correctness of a SystemId is not enforced in Source::setSystemId​(String systemId), that made it possible to pass an Illegal SystemId through a Source object to TransformerFactory.

      (2) No validation when computing the classname
           The implementation of TransformerFactory does not validate the SystemId it gets from a Source. When the SystemId is incorrect, it can result in an illegal classname. This is manifested when the default Java version is upgraded higher, e.g. from Java 1.1 to Java 1.5.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                joehw Joe Wang
                Reporter:
                joehw Joe Wang
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: