« Return to Thread: Can I disable the ability to call java code from rhino?
Re: Can I disable the ability to call java code from rhino?
by Norris Boyd-2
::
Rate this Message:
Well, if you can figure out a set of objects like java.lang.String
that you're happy to expose to JavaScript, then you can allow those
through ClassShutter. If you delete the top-level "java" property,
then users can only get to those objects via your host objects, for
what that's worth.
--N
On Jan 25, 3:41 pm, keith <keithgchap...@...> wrote:
> Hi Norris,
>
> I tried this but then accessing host objects fail with exceptions such
> as Access to Java class "java.lang.String" is prohibited. I want to
> prohibit running java code directly from javascript but I want to
> expose my host objects. Whats the best way to do this?
>
> Thanks,
> Keith
>
> On Jan 23, 9:41 pm, keith <keithgchap...@...> wrote:> Hi Norris,
>
> > I did implement this interface as follows
>
> > public class ClassShutterImpl implements ClassShutter {
> > public boolean visibleToScripts(String fullClassName) {
> > // For the moment we dont allow to execute java code
> > return fullClassName.startsWith("org.mozilla.javascript");
> > }
>
> > }
>
> > and set this in the context. When i execute the following script
>
> > function foo(){
> > x = 10;}
>
> > java.lang.System.exit(0);
>
> > I get this error, Is there a way that I can throw a more meaningfull
> > error. May be something like "sorry we do not allow you to run Java
> > code through LiveConnect".
>
> > caused org.mozilla.javascript.EcmaError: TypeError: exit is not a
> > function, it is org.mozilla.javascript.NativeJavaPackage. (test#4)
>
> > Is there a better way I can do this?
>
> > thanks,
> > Keith.
>
> > On Jan 22, 11:54 pm, Norris Boyd <norrisb...@...> wrote:
>
> > > On Jan 22, 5:07 am, keith <keithgchap...@...> wrote:
>
> > > > Hi,
>
> > > > I understand that I can call Java code directly from Within Rhino. Is
> > > > there a configuration setting or something that can disable this
> > > > feature?
>
> > > > for e.g I dont want a script having
> > > > java.lang.System.exit(0);
> > > > bring down the whole system. Is there anyway I can control this.
>
> > > > Thanks,
> > > > Keith.
>
> > > (Please use mozilla.dev.tech.js-engine.rhino in the future.)
>
> > > Take a look at the following method and class:
>
> > >http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/Context.h......
>
> > > --N
_______________________________________________
dev-tech-js-engine mailing list
dev-tech-js-engine@...
https://lists.mozilla.org/listinfo/dev-tech-js-engine
that you're happy to expose to JavaScript, then you can allow those
through ClassShutter. If you delete the top-level "java" property,
then users can only get to those objects via your host objects, for
what that's worth.
--N
On Jan 25, 3:41 pm, keith <keithgchap...@...> wrote:
> Hi Norris,
>
> I tried this but then accessing host objects fail with exceptions such
> as Access to Java class "java.lang.String" is prohibited. I want to
> prohibit running java code directly from javascript but I want to
> expose my host objects. Whats the best way to do this?
>
> Thanks,
> Keith
>
> On Jan 23, 9:41 pm, keith <keithgchap...@...> wrote:> Hi Norris,
>
> > I did implement this interface as follows
>
> > public class ClassShutterImpl implements ClassShutter {
> > public boolean visibleToScripts(String fullClassName) {
> > // For the moment we dont allow to execute java code
> > return fullClassName.startsWith("org.mozilla.javascript");
> > }
>
> > }
>
> > and set this in the context. When i execute the following script
>
> > function foo(){
> > x = 10;}
>
> > java.lang.System.exit(0);
>
> > I get this error, Is there a way that I can throw a more meaningfull
> > error. May be something like "sorry we do not allow you to run Java
> > code through LiveConnect".
>
> > caused org.mozilla.javascript.EcmaError: TypeError: exit is not a
> > function, it is org.mozilla.javascript.NativeJavaPackage. (test#4)
>
> > Is there a better way I can do this?
>
> > thanks,
> > Keith.
>
> > On Jan 22, 11:54 pm, Norris Boyd <norrisb...@...> wrote:
>
> > > On Jan 22, 5:07 am, keith <keithgchap...@...> wrote:
>
> > > > Hi,
>
> > > > I understand that I can call Java code directly from Within Rhino. Is
> > > > there a configuration setting or something that can disable this
> > > > feature?
>
> > > > for e.g I dont want a script having
> > > > java.lang.System.exit(0);
> > > > bring down the whole system. Is there anyway I can control this.
>
> > > > Thanks,
> > > > Keith.
>
> > > (Please use mozilla.dev.tech.js-engine.rhino in the future.)
>
> > > Take a look at the following method and class:
>
> > >http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/Context.h......
>
> > > --N
_______________________________________________
dev-tech-js-engine mailing list
dev-tech-js-engine@...
https://lists.mozilla.org/listinfo/dev-tech-js-engine
« Return to Thread: Can I disable the ability to call java code from rhino?
| Free embeddable forum powered by Nabble | Forum Help |
