[ https://issues.apache.org/jira/browse/NETBEANS-96?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16248547#comment-16248547 ]

ASF GitHub Bot commented on NETBEANS-96:
----------------------------------------

matthiasblaesing commented on issue #161: [NETBEANS-96] New PAC Script 
evaluation environment
URL: 
https://github.com/apache/incubator-netbeans/pull/161#issuecomment-343670673
 
 
   I gave it another look. I have one further comment on the code itself - the 
spec version of lib.jna.platform needs to be incremented, as the change in the 
friend-packages indicates that the package needs an update. Some of the files 
are also missing license headers. I made these here:
   
   - based on a rebased+squashed changeset: 
   https://github.com/matthiasblaesing/incubator-netbeans/tree/pr161-rebase
   
https://github.com/matthiasblaesing/incubator-netbeans/commit/6e21bcdd1c5d9f3eab4868b5ed1245c94b9c02be
   
   - based on your branch:
   https://github.com/matthiasblaesing/incubator-netbeans/tree/pr161-review
   
https://github.com/matthiasblaesing/incubator-netbeans/commit/5826080b5301846ff2e38cb2f004e0f470526cc4
   
   One structural question: Is there a reason for the friend-exports? I don't 
see usage of the org.netbeans.core.network packages in org.netbeans.core. Is 
there a concrete use-case/usage you have planned? Is it really sensible to have 
a different implementation of the JS evaluation environment for the PAC, that 
is not better done in the core implementation?
   
   From my perspective that would be the last two things - I noticed this while 
I prepared the merge.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> New PAC Script evaluator
> ------------------------
>
>                 Key: NETBEANS-96
>                 URL: https://issues.apache.org/jira/browse/NETBEANS-96
>             Project: NetBeans
>          Issue Type: Improvement
>            Reporter: lbruun
>              Labels: pull-request-available
>
> The current [PAC script|https://en.wikipedia.org/wiki/Proxy_auto-config] 
> evaluator (in {{core.network}}) was developed pre-Nashorn and has a few 
> problems:
> * It simply fails with Nashorn - but not with Rhino - if the downloaded 
> script uses {{isInNet()}}. This was reported in [Bug 
> 245116|https://netbeans.org/bugzilla/show_bug.cgi?id=245116]. It fails 
> silently in this case and defaults to no proxy. The user will never know the 
> reason - not even by looking in the message log - that there was an error.
> * It doesn't implement two mandatory JavaScript helper methods, 
> {{dnsResolve()}} and {{myIpAddress()}}. This is a known issue. This causes 
> many PAC scripts to silently fail. 
> * It doesn't implement Microsoft's IPv6-aware additions to the PAC standard. 
> This is a problem in MS shops because they will have designed their PAC 
> script to be compatible with MS IE and MS Edge (which unsurprisingly support 
> these functions .. as does Chrome).
> * It uses a small JavaScript helper, {{nsProxyAutoConfig.js}}, which uses a 
> license which is not compatible with Apache. This is described in NETBEANS-4.
> * Isn't executing the downloaded PAC script in a sandboxed environment. (The 
> PAC script should be treated as hostile because the download may have been 
> spoofed. Browsers indeed treat the PAC script as hostile and so should 
> NetBeans).
> Pull Request with a new implementation is on its way.
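
The sandboxing and silent-failure points in the issue description, as an added example that is not code from the pull request or from NetBeans: a Nashorn engine created with a deny-all `ClassFilter`, so a downloaded PAC script cannot reach Java classes, and with evaluation errors reported instead of silently falling back to "no proxy". The class name, the two sample scripts and the host names are constructed for illustration; it assumes a JDK that bundles Nashorn with the `ClassFilter` API (8u40 through 14) and covers only the Java-class-access layer of a sandbox.

```java
import javax.script.Invocable;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class PacSandboxDemo {  // hypothetical name, not from the pull request

    // Constructed samples: a well-behaved PAC script and one that reaches for Java.
    static final String BENIGN_PAC =
        "function FindProxyForURL(url, host) {"
      + "  return host === 'intranet.example' ? 'DIRECT' : 'PROXY proxy.example:8080';"
      + "}";
    static final String HOSTILE_PAC =
        "function FindProxyForURL(url, host) {"
      + "  var System = Java.type('java.lang.System');"
      + "  return 'PROXY ' + System.getProperty('user.home');"
      + "}";

    /** Evaluates a PAC script; throws rather than defaulting to "no proxy". */
    static String findProxy(String pacSource, String url, String host) throws Exception {
        // Expose no Java class to the script, whatever name it asks for.
        ClassFilter denyAll = className -> false;
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine(denyAll);
        engine.eval(pacSource);
        Object result = ((Invocable) engine).invokeFunction("FindProxyForURL", url, host);
        if (!(result instanceof String)) {
            throw new ScriptException("FindProxyForURL did not return a string");
        }
        return (String) result;
    }

    public static void main(String[] args) {
        for (String pac : new String[] {BENIGN_PAC, HOSTILE_PAC}) {
            try {
                String proxy = findProxy(pac, "http://www.example/", "www.example");
                System.out.println("result: " + proxy);
            } catch (Exception e) {
                // Surface the reason so the user can see why no proxy was selected.
                System.err.println("PAC evaluation failed: " + e);
            }
        }
    }
}
```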



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
