Package docking

Class DockingUtils

  • public class DockingUtils
    extends java.lang.Object

    Notes about how to use HTML safely:

    Java's built-in HTML rendering in UI components is very useful, but can also introduce security issues when a hostile actor is providing the text strings that are being rendered.

    Before using a native Java UI component, search for a corresponding 'G'hidra component, and if possible choose the non-HTML version of that component (if available).

    For instance, instead of using JLabel, use either GLabel or GHtmlLabel (and their variants).

    (native JLabel, JCheckbox, etc, usage is actually disallowed in the Ghidra project)

    When using a UI component that is HTML enabled, care must be used when constructing the text that is being rendered.

    During string-building or concatenation, appending a non-literal string value (ie. "Hello " + getFoo(); ), the non-literal string value should be escaped using HTMLUtilities.escapeHTML(String) (ie. "Hello " + HTMLUtilities.escapeHTML(getFoo());.

    Of course, there are exceptions to every rule, and if the string value can be definitely be traced to its source and there are no user-supplied origins, the HTML escaping can be skipped.

    Note: just using a UI component that is HTML enabled does not mean that it will treat its text as HTML text. If you need to HTML escape any values that are being fed to the component, you need to force the HTML mode 'on' by pre-pending a "<HTML>" at the beginning of the string. If you fail to do this, the escaped substrings will look wrong because any '<' and '>' chars (and others) in the substring will be mangled when rendered in plain-text mode.

    When working with plain text, try to avoid allowing a user supplied string being the first value of text that could be fed to a UI component. This will prevent the possibly hostile string from having a leading HTML start tag. (ie. when displaying an error to the user about a bad file, don't put the filename value at the start of the string, but instead put a quote or some other delimiter to prevent html mode).

    Recommended Ghidra UI Components:

    Native ComponentRecommended Component
    • Field Detail


        public static final int CONTROL_KEY_MODIFIER_MASK
        System dependent mask for the Ctrl key

        public static final int CONTROL_KEY_MODIFIER_MASK_DEPRECATED
        A version the control key modifiers that is based upon the pre-Java 9 InputEvent usage. This mask is here for those clients that cannot be upgraded, such as those with dependencies on 3rd-party libraries that still use the old mask style.

        public static final java.lang.String CONTROL_KEY_NAME
    • Constructor Detail

      • DockingUtils

        public DockingUtils()
    • Method Detail

      • createToolbarSeparator

        public static javax.swing.JSeparator createToolbarSeparator()
      • scaleIconAsNeeded

        public static javax.swing.Icon scaleIconAsNeeded​(javax.swing.Icon icon)
      • isControlModifier

        public static boolean isControlModifier​(java.awt.event.MouseEvent mouseEvent)
        Checks if the mouseEvent has the "control" key down. On windows, this is actually the control key. On Mac, it is the command key.
        mouseEvent - the event to check
        true if the control key is pressed
      • isControlModifier

        public static boolean isControlModifier​(java.awt.event.KeyEvent keyEvent)
        Checks if the mouseEvent has the "control" key down. On windows, this is actually the control key. On Mac, it is the command key.
        keyEvent - the event to check
        true if the control key is pressed
      • installUndoRedo

        public static UndoRedoKeeper installUndoRedo​(javax.swing.text.JTextComponent textComponent)
      • setTransparent

        public static void setTransparent​(javax.swing.JComponent c)
        Sets the given component to transparent, which allows the parent component's background to be painted.

        Notes Historically, to make a component transparent you would call JComponent.setOpaque(boolean) with a false value. However, it turns out that the definition and the implementation of this method are at odds. setOpaque(false) is meant to signal that some part of the component is transparent, so the parent component needs to be painted. Most LaFs implemented this by not painting the background of the component, but used the parent's color instead. The Nimbus LaF actually honors the contract of setOpaque(), which has the effect of painting the components background by default.

        This method allows components to achieve transparency when they used to rely on setOpaque(false).

        c - the component to be made transparent
      • hideTipWindow

        public static void hideTipWindow()
        Hides any open tooltip window