On Tue, 24 Jan 2023 23:29:58 GMT, Phil Race <p...@openjdk.org> wrote:
> SynthLookAndFeel.load(URL) is problematic because applications need to trust > the URL. > As documented in the bug report there are alternative mechanisms and JDK > itself has not used this for the two Synth based L&Fs : Nimbus and GTK. > So deprecating - for removal - and adding warnings now in the docs is > appropriate. I do not think that this method should/must be used by custom L&F only, it is a way to provide custom styles for an existing L&f including Nimbus like discussed here: https://stackoverflow.com/questions/11564597/how-to-use-synthlookandfeel-with-xml-file-where-xml-file-path-will-load-the-fil There is a way to check the permission - security manager, ohh we deprecated it as well, time to rethink that? or do we plan to delete all methods which use URL, or add custom properties here and there to check access? ------------- PR: https://git.openjdk.org/jdk/pull/12175
