nathanfranke
Reputation: 983
Java - How do I sandbox ScriptEngineManager?
I can easily execute JavaScript using the built-in ScriptEngineManager. However, it gives full permission to JavaScript, which is a big problem for me.
It allows dangerous commands such as:
javax.swing.JOptionPane.showMessageDialog(null, "Hello, Server!");java.lang.System.exit(0);
How do I limit the availability of Java functions in the Javascript Engine?
Upvotes: 0
Views: 633
Answers (1)
Sajadur Rahman
Reputation: 36
The sandbox by default blocks access to all Java classes.
NashornSandbox sandbox = NashornSandboxes.create();
sandbox.allow(File.class);
sandbox.eval("var File = Java.type('java.io.File'); File;")
Upvotes: 2
Related Questions
- Sandbox against malicious code in a Java application
- How do I create a Java sandbox?
- How do you create a secure JEXL (scripting) sandbox?
- Prevent malicious code in sandbox Java
- Prohibit scripts from accessing specific Java classes using Java security Manager
- How to build a sandbox environment
- Sandboxed scripting
- How to lock down (or sandbox) JDK's built-in Javascript interpreter to run untrusted scripts
- Should one use a custom SecurityManager to sandbox javax.script.ScriptEngine?
- What is the best way to execute sandboxed Java code?