[
https://issues.apache.org/jira/browse/NETBEANS-96?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16248824#comment-16248824
]
ASF GitHub Bot commented on NETBEANS-96:
----------------------------------------
lbruun commented on issue #161: [NETBEANS-96] New PAC Script evaluation
environment
URL:
https://github.com/apache/incubator-netbeans/pull/161#issuecomment-343727045
I've done the requested changes. (license headers, bumped libs.jna.platform
version)
**Wrt frind-packages.**
It is correct that `org.netbeans.core` doesn't need to be friend on
`org.netbeans.core.network`, but there needs to be at least one friend in
`<friend-packages>` for the XML to be valid. If I leave out
`<friend-packages>` completely then I loose two things:
- I do not get any Javadoc produced, thus any adopter will not know what is
possible to do.
- I have no way way to "document" which packages I intend (in a controller
manner for now, hence friend restriction) to be exposed, and which I intend not
be exposed.
In other words: The friend declaration is a trick. If there's another way to
accomplish the same, then by all means.
The `<friend-packages>` section will become even more important in the next
iterations, but even in next iteration I do not really have a specific friend
that I can add, so `org.netbeans.core` kinda acts like a dummy in this respect.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> New PAC Script evaluator
> ------------------------
>
> Key: NETBEANS-96
> URL: https://issues.apache.org/jira/browse/NETBEANS-96
> Project: NetBeans
> Issue Type: Improvement
> Reporter: lbruun
> Labels: pull-request-available
>
> The current [PAC script|https://en.wikipedia.org/wiki/Proxy_auto-config]
> evaluator (in {{core.network}}) was developed pre-Nashorn and has a few
> problems:
> * It simply fails with Nashorn - but not with Rhino - if the downloaded
> script uses {{isInNet()}}. This was reported in [Bug
> 245116|https://netbeans.org/bugzilla/show_bug.cgi?id=245116]. It fails
> silently in this case and defaults to no proxy. The user will never know the
> reason - not even by looking in the message log - that there was an error.
> * It doesn't implement two mandatory JavaScript helper methods,
> {{dnsResolve()}} and {{myIpAddress()}}. This is a known issue. This causes
> many PAC scripts to silently fail.
> * It doesn't implement Microsoft's IPv6-aware additions to the PAC standard.
> This is a problem in MS shops because they will have designed their PAC
> script to be compatible with MS IE and MS Edge (which unsurprisingly support
> these functions .. as do Chrome).
> * It uses a small JavaScript helper, {{nsProxyAutoConfig.js}}, which uses a
> license which is not compatible with Apache. This is described in NETBEANS-4.
> * Isn't executing the downloaded PAC script in a sandboxed environment. (The
> PAC script should be treated as hostile because the download may have been
> spoofed. Browsers indeed treat the PAC script as hostile and so should
> NetBeans).
> Pull Request with a new implementation is on its way.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
