< prev index next >
src/java.base/share/classes/java/io/SerializablePermission.java
Print this page
@@ -46,19 +46,19 @@
*
* <table class="striped">
* <caption style="display:none">Permission target name, what the permission allows, and associated risks</caption>
* <thead>
* <tr>
- * <th>Permission Target Name</th>
- * <th>What the Permission Allows</th>
- * <th>Risks of Allowing this Permission</th>
+ * <th scope="col">Permission Target Name</th>
+ * <th scope="col">What the Permission Allows</th>
+ * <th scope="col">Risks of Allowing this Permission</th>
* </tr>
* </thead>
* <tbody>
*
* <tr>
- * <td>enableSubclassImplementation</td>
+ * <th scope="row">enableSubclassImplementation</th>
* <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
* to override the default serialization or deserialization, respectively,
* of objects</td>
* <td>Code can use this to serialize or
* deserialize classes in a purposefully malfeasant manner. For example,
@@ -67,20 +67,20 @@
* to attackers. Or, during deserialization it could, for example, deserialize
* a class with all its private fields zeroed out.</td>
* </tr>
*
* <tr>
- * <td>enableSubstitution</td>
+ * <th scope="row">enableSubstitution</th>
* <td>Substitution of one object for another during
* serialization or deserialization</td>
* <td>This is dangerous because malicious code
* can replace the actual object with one which has incorrect or
* malignant data.</td>
* </tr>
*
* <tr>
- * <td>serialFilter</td>
+ * <th scope="row">serialFilter</th>
* <td>Setting a filter for ObjectInputStreams.</td>
* <td>Code could remove a configured filter and remove protections
* already established.</td>
* </tr>
* </tbody>
< prev index next >