Bug ID: JDK-8296878 Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters

JDK-8296878 : Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters

Type: Bug
Component: client-libs
Sub-Component: javax.swing
Affected Version: 8u291,11.0.11,17,19,20

Priority: P3
Status: Resolved
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2022-11-08
Updated: 2024-03-05
Resolved: 2022-11-30

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 17	JDK 20
11.0.19Fixed	17.0.12-oracleFixed	20 b26Fixed

Related Reports

Relates :

JDK-8258373 - Update the text handling in the JPasswordField

Description

A DESCRIPTION OF THE PROBLEM :
To clear a JPasswordField you're supposed to do setText(""). In versions before 11.0.11 this would work if that field had a document filter attached to it, but since 11.0.11 this does not work anymore, and instead the currently inserted characters will be replaced with unicode null characters instead. 
Visually and functionally this means the passwordfield is not empty.

Tested versions:
11.0.11+9 (does no work)
11.0.10+9 (does work)

REGRESSION : Last worked in version 11.0.10

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Create a JPasswordField
2. Get the document as PlainDocument from the field
3. Set a documentFilter
4. Input text in the JPasswordField (either through the UI or with setTexT(String)
5. Clear the text with setText("") (ie. with a button)

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The field is empty
ACTUAL -
The originally set characters get replaced with unicode null characters

---------- BEGIN SOURCE ----------
public class PasswordTest {

    public static void main(String... args) {

        JPasswordField test = new JPasswordField();
        PlainDocument document = (PlainDocument) test.getDocument();
        document.setDocumentFilter(new DocumentFilter() {
            @Override
            public void replace(DocumentFilter.FilterBypass fb, int offset, int length, String text, AttributeSet attrs) throws BadLocationException {
                String string = fb.getDocument().getText(0, fb.getDocument().getLength()) + text;

                if (string.length() <= 6 && string.matches("[0-9]+")) {
                    super.replace(fb, offset, length, text, attrs); //To change body of generated methods, choose Tools | Templates.
                }
            }
        });
        test.setText("123456");
        test.setText("");
        System.out.println(Arrays.equals(test.getPassword(), new char[0]));
    }

}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Remove the document filter.

FREQUENCY : always

Comments

Fix request (11u) Clean backport. This is the fix for a regression introduced in JDK 11.0.11. The new test passed, and the java_desktop tests are green. Review 11u-dev: https://git.openjdk.org/jdk11u-dev/pull/1563
03-12-2022
Fix request (17u) Clean backport. This is the fix for a regression introduced in JDK 11.0.11. The new test passed, and the java_desktop tests are green. Review 17u-dev: https://github.com/openjdk/jdk17u-dev/pull/943
03-12-2022
Fix request (19u) Clean backport. This is the fix for a regression introduced in JDK 11.0.11. The new test passed, and the java_desktop tests are green. Review 19u: https://git.openjdk.org/jdk19u/pull/102
02-12-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/1563 Date: 2022-12-01 22:02:50 +0000
01-12-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/943 Date: 2022-12-01 11:04:36 +0000
01-12-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk19u/pull/102 Date: 2022-12-01 10:58:05 +0000
01-12-2022
Changeset: 87f00f4a Author: Sergey Bylokhov <serb@openjdk.org> Date: 2022-11-30 03:22:52 +0000 URL: https://git.openjdk.org/jdk/commit/87f00f4a1bfb392be0684edcdfa0254caec4ca03
30-11-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/11281 Date: 2022-11-22 03:15:55 +0000
28-11-2022
This is an expected change in behavior after the JDK-8258373 and it was discussed during the review request. That change clears the old storage for the password before using the new password, that change became visible to the user via text notifications events, and as in the test in the description of this bug the application may start to work differently.
20-11-2022
Seems to be a regression of JDK-8258373...Should be assigned to the author of that bug...
11-11-2022
Verified with attached testcase in Windows 10, issue is reproducible Test Result ========== 8u281: Pass 8u291: Fail<-Regression 11.0.10: Pass 11.0.11: Fail<-Regression 17: Fail 19: Fail 20ea22: Fail
11-11-2022