<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>00. Security (SEC) - CERT Secure Coding Standards</title>


</head>

<body onload="placeFocus()">


<div id="PageContent">
<table cellspacing="0" cellpadding="0" width="100%">
<tr>
<td valign="top" width="100%">
<!-- Inner content table -->
<table width="100%" cellpadding="2" cellspacing="0">
<tr>
<td id="mainViewPane">
<div>
<div class="pagetitle" style="padding: 0px; margin-bottom:5px; margin-top: 2px;">
00. Security (SEC)
</div>
</div>
<div id="content">

<div id="editpage">

<form id="editpageform" name="editpageform" method="post" action="doeditpage.action?pageId=4254">
<input
type="hidden"
name="originalVersion" value="8" /> <input
type="hidden"
name="originalContent" value="h2. Recommendations

[SEC00-J. Do not allow exceptions to transmit sensitive information]

[SEC01-A. Be careful using doPrivileged]

[SEC02-A. Beware of standard APIs that may bypass Security Manager checks]

[SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance]

[SEC04-A. Beware of standard APIs that perform access checks against the immediate caller]

[SEC05-A. Handle exceptions appropriately]

h2. Rules

[SEC30-C. Always use a Security Manager]

[SEC31-C. Never grant AllPermission]

[SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks]

[SEC33-C. Define wrappers around native methods]

[SEC34-C. Do not allow the unauthorized construction of sensitive classes]

[SEC35-C. Provide mutable classes with a clone method]

[SEC36-C. Ensure that the bytecode verifier is applied to all involved code upon any modification]

h2. Risk Assessment Summary

h3. Rules

|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| SEC30-C | high | likely | low | P27 | L1 |
| SEC31-C | medium | probable | medium | P8 | L2 |
| SEC32-C | low | unlikely | high | P1 | L3 |

Priority is the product of the severity, likelihood and remediation-cost scores (each 1-3, with a *low* remediation cost scoring 3), so P27 is the most urgent; the Level column groups priorities from L1 (highest) to L3 (lowest). SEC33-C through SEC36-C are listed above but have no risk assessment yet.

" /> <input
type="hidden"
name="labelsShowing" value="false" id="labelsShowing" /> <input
type="hidden"
name="restrictionsShowing" value="false" id="restrictionsShowing" /> <input
type="hidden"
name="locationShowing" value="false" id="locationShowing" />

<div id="editBox">
<div class="inputSection">
<div id="editorDiv" style="width:100%">

<div id="markup" >
<div>

<textarea id="markupTextarea" name="content"
cols=""
rows="30"

tabindex="5" onclick="storeCaret(this);"
onselect="storeCaret(this); storeTextareaBits()"
onkeyup="storeCaret(this);contentChangeHandler();"
onchange="contentChangeHandler();"
style="padding:0; margin:0; width:100%; "
class="monospaceInput"
>h2. Recommendations

[SEC00-J. Do not allow exceptions to transmit sensitive information]

[SEC01-A. Be careful using doPrivileged]

[SEC02-A. Beware of standard APIs that may bypass Security Manager checks]

[SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance]

[SEC04-A. Beware of standard APIs that perform access checks against the immediate caller]

[SEC05-A. Handle exceptions appropriately]

h2. Rules

[SEC30-C. Always use a Security Manager]

[SEC31-C. Never grant AllPermission]

[SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks]

[SEC33-C. Define wrappers around native methods]

[SEC34-C. Do not allow the unauthorized construction of sensitive classes]

[SEC35-C. Provide mutable classes with a clone method]

[SEC36-C. Ensure that the bytecode verifier is applied to all involved code upon any modification]

h2. Risk Assessment Summary

h3. Rules

|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| SEC30-C | high | likely | low | P27 | L1 |
| SEC31-C | medium | probable | medium | P8 | L2 |
| SEC32-C | low | unlikely | high | P1 | L3 |

Priority is the product of the severity, likelihood and remediation-cost scores (each 1-3, with a *low* remediation cost scoring 3), so P27 is the most urgent; the Level column groups priorities from L1 (highest) to L3 (lowest). SEC33-C through SEC36-C are listed above but have no risk assessment yet.

</textarea>
</div>
</div>
</script> </div>
</div>


</form>
</div>
</div>
</td>

</tr>
</table>
<!-- End inner content table -->
</td>
</tr>
</table>
</div>

</body>
</html>
