openjdk · JoeWang-Java · Apr 11, 2025 · Apr 12, 2025 · Apr 14, 2025 · Apr 16, 2025
diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/functions/FuncExtFunction.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/functions/FuncExtFunction.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -41,7 +41,7 @@
  * the expression executes, it calls ExtensionsTable#extFunction, and then
  * converts the result to the appropriate XObject.
  * @xsl.usage advanced
- * @LastModified: May 2022
+ * @LastModified: Apr 2025
  */
 public class FuncExtFunction extends Function
 {
@@ -186,12 +186,6 @@ public FuncExtFunction(java.lang.String namespace,
    */
   public XObject execute(XPathContext xctxt) throws TransformerException
   {
-    if (xctxt.isSecureProcessing())
-      throw new javax.xml.transform.TransformerException(
-        XPATHMessages.createXPATHMessage(
-          XPATHErrorResources.ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED,
-          new Object[] {toString()}));
-
     XObject result;
     List<XObject> argVec = new ArrayList<>();
     int nArgs = m_argVec.size();

diff --git a/...java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/JAXPExtensionsProvider.java b/...java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/JAXPExtensionsProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -37,26 +37,16 @@
 /**
  *
  * @author Ramesh Mandava
- * @LastModified: Nov 2017
+ * @LastModified: Apr 2025
  */
 public class JAXPExtensionsProvider implements ExtensionsProvider {
 
     private final XPathFunctionResolver resolver;
-    private boolean extensionInvocationDisabled = false;
 
     public JAXPExtensionsProvider(XPathFunctionResolver resolver) {
         this.resolver = resolver;
-        this.extensionInvocationDisabled = false;
     }
 
-    public JAXPExtensionsProvider(XPathFunctionResolver resolver,
-        boolean featureSecureProcessing, JdkXmlFeatures featureManager ) {
-        this.resolver = resolver;
-        if (featureSecureProcessing &&
-                !featureManager.getFeature(JdkXmlFeatures.XmlFeature.ENABLE_EXTENSION_FUNCTION)) {
-            this.extensionInvocationDisabled = true;
-        }
-    }
 
     /**
      * Is the extension function available?
@@ -111,16 +101,6 @@ public Object extFunction(String ns, String funcName, List<XObject> argVec,
             //Find the XPathFunction corresponding to namespace and funcName
             javax.xml.namespace.QName myQName = new QName( ns, funcName );
 
-            // JAXP 1.3 spec says When XMLConstants.FEATURE_SECURE_PROCESSING
-            // feature is set then invocation of extension functions need to
-            // throw XPathFunctionException
-            if ( extensionInvocationDisabled ) {
-                String fmsg = XSLMessages.createXPATHMessage(
-                    XPATHErrorResources.ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED,
-                    new Object[] { myQName.toString() } );
-                throw new XPathFunctionException ( fmsg );
-            }
-
             // Assuming user is passing all the needed parameters ( including
             // default values )
             int arity = argVec.size();
@@ -167,16 +147,6 @@ public Object extFunction(FuncExtFunction extFunction, List<XObject> argVec)
             javax.xml.namespace.QName myQName =
                 new javax.xml.namespace.QName( namespace, functionName );
 
-            // JAXP 1.3 spec says  When XMLConstants.FEATURE_SECURE_PROCESSING
-            // feature is set then invocation of extension functions need to
-            // throw XPathFunctionException
-            if ( extensionInvocationDisabled ) {
-                String fmsg = XSLMessages.createXPATHMessage(
-                    XPATHErrorResources.ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED,
-                        new Object[] { myQName.toString() } );
-                throw new XPathFunctionException ( fmsg );
-            }
-
             XPathFunction xpathFunction =
                 resolver.resolveFunction( myQName, arity );
 

diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathImplUtil.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathImplUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,7 +54,7 @@
  * This class contains several utility methods used by XPathImpl and
  * XPathExpressionImpl
  *
- * @LastModified: Jan 2022
+ * @LastModified: Apr 2025
  */
 class XPathImplUtil {
     XPathFunctionResolver functionResolver;
@@ -85,8 +85,7 @@ XObject eval(Object contextItem, com.sun.org.apache.xpath.internal.XPath xpath)
                     new Object[] {}));
         }
         if (functionResolver != null) {
-            JAXPExtensionsProvider jep = new JAXPExtensionsProvider(
-                    functionResolver, featureSecureProcessing, featureManager);
+            JAXPExtensionsProvider jep = new JAXPExtensionsProvider(functionResolver);
             xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext(jep);
         } else {
             xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext();

diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/res/XPATHErrorResources.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/res/XPATHErrorResources.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -31,7 +31,7 @@
   * Also you need to  update the count of messages(MAX_CODE)or
  * the count of warnings(MAX_WARNING) [ Information purpose only]
  * @xsl.usage advanced
- * @LastModified: Nov 2024
+ * @LastModified: Apr 2025
  */
 public class XPATHErrorResources extends ListResourceBundle
 {
@@ -305,7 +305,6 @@ public class XPATHErrorResources extends ListResourceBundle
   public static final String ER_XPATH_ERROR = "ER_XPATH_ERROR";
 
   //BEGIN: Keys needed for exception messages of  JAXP 1.3 XPath API implementation
-  public static final String ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED = "ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED";
   public static final String ER_RESOLVE_VARIABLE_RETURNS_NULL = "ER_RESOLVE_VARIABLE_RETURNS_NULL";
   public static final String ER_NO_XPATH_VARIABLE_RESOLVER = "ER_NO_XPATH_VARIABLE_RESOLVER";
   public static final String ER_NO_XPATH_FUNCTION_PROVIDER = "ER_NO_XPATH_FUNCTION_PROVIDER";
@@ -766,11 +765,6 @@ public class XPATHErrorResources extends ListResourceBundle
 
   //BEGIN:  Definitions of error keys used  in exception messages of  JAXP 1.3 XPath API implementation
 
-  /** Field ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED                       */
-
-  { ER_EXTENSION_FUNCTION_CANNOT_BE_INVOKED,
-       "Extension function: ''{0}'' can not be invoked when the XMLConstants.FEATURE_SECURE_PROCESSING feature is set to true."},
-
   /** Field ER_RESOLVE_VARIABLE_RETURNS_NULL                       */
 
   { ER_RESOLVE_VARIABLE_RETURNS_NULL,

diff --git a/src/java.xml/share/classes/module-info.java b/src/java.xml/share/classes/module-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -868,19 +868,19 @@
  * </tr>
  * <tr>
  * <td id="ExtFunc">{@systemProperty jdk.xml.enableExtensionFunctions}</td>
- * <td>Determines if XSLT and XPath extension functions are to be allowed.
+ * <td>Determines whether extension functions in the Transform API are to be allowed.
+ * The extension functions in the XPath API are not affected by this property.
  * </td>
  * <td style="text-align:center" rowspan="5">yes</td>
  * <td style="text-align:center" rowspan="3">Boolean</td>
  * <td>
  * true or false. True indicates that extension functions are allowed; False otherwise.
  * </td>
- * <td style="text-align:center">true</td>
+ * <td style="text-align:center">false</td>
  * <td style="text-align:center">false</td>
  * <td style="text-align:center">Yes</td>
  * <td style="text-align:center">
  *     <a href="#Transform">Transform</a><br>
- *     <a href="#XPATH">XPath</a>
  * </td>
  * <td style="text-align:center"><a href="#Processor">Method 2</a></td>
  * <td style="text-align:center">8</td>

diff --git a/test/jaxp/javax/xml/jaxp/unittest/xpath/SecureProcessingTest.java b/test/jaxp/javax/xml/jaxp/unittest/xpath/SecureProcessingTest.java
diff --git a/test/jaxp/javax/xml/jaxp/unittest/xpath/SecureProcessingTest.xml b/test/jaxp/javax/xml/jaxp/unittest/xpath/SecureProcessingTest.xml