- if (Log.on) Log.log(Platform.class, "newBrowserWindow, url = " + url);
- platform._newBrowserWindow(url);
- }
-
- /** quits XWT */
- public static void exit() {
- Log.log(Platform.class, "exiting via Platform.exit()");
- platform._exit();
- }
-
- /** the human-readable name of the key mapped to XWT's 'alt' key */
- public static String altKeyName() { return platform._altKeyName(); }
-
- /** used to notify the user of very serious failures; usually used when logging is not working or unavailable */
- public static void criticalAbort(String message) {
- if (Log.on) Log.log(Platform.class, "Critical Abort:");
- if (Log.on) Log.log(Platform.class, message);
- platform._criticalAbort(message);
- }
-
- /** this method invokes the platform _createSurface() method and then enforces a few post-call invariants */
- public static Surface createSurface(Box b, boolean framed, boolean refreshable) {
- Surface ret = platform._createSurface(b, framed);
- ret.setInvisible(b.invisible);
- b.set(Box.size, 0, ret.width);
- b.set(Box.size, 1, ret.height);
-
- Object titlebar = b.get("titlebar", null, true);
- if (titlebar != null) ret.setTitleBarText(titlebar.toString());
-
- Object icon = b.get("icon", null, true);
- if (icon != null && !"".equals(icon)) {
- Picture pic = Box.getPicture(icon.toString());
- if (pic != null) ret.setIcon(pic);
- else if (Log.on) Log.log(Platform.class, "unable to load icon " + icon);
- }
-
- if (refreshable) {
- Surface.refreshableSurfaceWasCreated = true;
- Surface.allSurfaces.addElement(ret);
- ret.dirty(0, 0, ret.width, ret.height);
- ret.Refresh();
+ // check the URL for well-formedness, as a defense against buffer overflow attacks
+ try {
+ String u = url;
+ if (u.startsWith("https")) u = "http" + u.substring(5);
+ new URL(u);
+ } catch (MalformedURLException e) {
+ Log.info(Platform.class, "URL " + url + " is not well-formed");
+ Log.info(Platform.class, e);