...
This rule is an instance of OBJ14 OBJ06-J. Defensively copy mutable inputs and mutable internal components. Whereas that rule applies to constructors, and other methods that take untrusted mutable parameters, this rule applies the same principle to deserialized mutable fields.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="74ac0e18bb982107-7ce29b94-40134757-bcd3b784-bf1d362cf7624d681a5eddc5"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f849023999d95af2-fd7ea803-46cb4a76-ace4b25c-2a0d0076f665f34342ec9a55"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 76: "Write readObject methods defensively" | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="880f789291d40204-9419044a-43ed4e38-a4029229-5f39eb78f10f31fd7ee9329c"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification: A.6 Guarding Unshared Deserialized Objects" | ]]></ac:plain-text-body></ac:structured-macro> |
...