yura
Reputation: 14645
How to configure sandbox security in in Rhino JavaScript engine
I want to interpret html pages scripts, but want to disable any posibility of harming my computer. Is there are any official tutorial or example how to configure such feature? (i dont find it in offcial site)
Upvotes: 4
Views: 4231
Answers (3)
Tuntable
Reputation: 3574
Beware reflection "out.println('outclass ' + out.getClass().forName('java.io.File'));"
There are many traps to this trade. Previous answer not good enough.
Upvotes: 2
chacko
Reputation: 5164
run an initial script like this:
java = undefined;
Packages = undefined;
org = undefined;
...
then it is sandboxed.
Upvotes: 6
fizban
Reputation: 597
I haven't seen any official example, but see this SO question and particularly this article on sandboxing in Rhino. The article gives a pretty good overview of the things you'll have to set up and guard against.
Upvotes: 4
Related Questions
- Implement own TrustManager in Javascript (Rhino engine)
- Rhino and concurrent access to javax.script.ScriptEngine
- Java Rhino allow access to java from safe Context
- Safely running javascript code in java
- How can you run Javascript using Rhino for Java in a sandbox?
- Mozilla Rhino: Default JavaScript Compliance Level
- How do you use Java to call the Rhino Javascript interpreter?
- security problem with Java ScriptEngine
- Rhino: restrict Java packages that can be accessed from JavaScript
- How to use the Rhino javascript engine in an applet