Replying to myself: On 10/4/07, Trevor Harrison <[EMAIL PROTECTED]> wrote: > While looking for other ways to 'break' out, I started thinking about > classloaders. I haven't succeeded in getting a classloader yet in a > script, but if I could, it would be bad for my intended usage of JEXL > (as a fairly secure way of executing user supplied formulas). > > // this doesn't work > cl = intClazz.getClassLoader(); // this fails, returns a null
Well, still not sure why that method is returning a null for the classloader, but if I call (the much simpler) clazz.forName(), I can get a reference to a class: i = 0; intClazz = i.class; clazz = intClazz.forName("java.lang.System"); m = clazz.getMethod("getProperties", null); p = m.invoke(null, null); which successfully gets me the system properties. Which is probably the least of my worries, considering I could do something like: i = 0; intClazz = i.class; clazz = intClazz.forName("java.io.File"); m = clazz.getMethod("listRoots", null); roots = m.invoke(null, null); files = roots[0].listFiles(); foreach( file in files ) { file.delete(); } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]