> My instinct tells me that what I should do, then, is do > initStandardObjects() and then iterate over all symbols in the scope, > removing (using Scriptable.delete() if that guess isn't wrong) any > that don't appear in, for example, the Standard Objects list > (<https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference#Standard_global_objects>) > instead of > specifically removing java, Packages, sun, and so forth, because I'm > paranoid like that...
Already a snafu with this approach. Scriptable.getIds() does not supply the names of properties that were not defined by the script. I suppose there's always ClassShutter, but I feel like I don't have a complete picture of what it does and doesn't do. If I defined visibleToScripts() to always return false, hopefully it would disable access to java.lang.System, but would it also disable anything that is required to run a trivial script? Would it or wouldn't it also disable other associated functionality (such as importPackage())? Would it disable host objects explicitly placed via Scriptable.put()? I can and probably will figure out the answers to some or all of these via experimentation, but I would like to see them specified in the docs as a minimal acknowledgement that everyone is on the same page. Again, I beg the advice of someone who has. Thanks dro _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
