On Feb 24, 8:35 am, Greg Lindholm <[email protected]> wrote:
> Using Rhino 1.7R1
>
> I'm running JS from a Java web application and have setup a Sealed
> shared scope as described herehttp://www.mozilla.org/rhino/scopes.html.
>
> For each "request" where I need to run JS I setup a new scope and
> point the prototype to the sealedSharedScope.
>
> I have found that if I seal the shared scope itself
> ( sealedSharedScope.sealObject(); ) then I get this exception when I
> attempt to use Java classes from within a script.
>
> org.mozilla.javascript.EvaluatorException: Cannot modify a property of
> a sealed object: getClass. (/initSharedScope.js#44)
>
> I have traced the root cause down to inside:
> org.mozilla.javascript.NativeJavaTopPackage.init(Context cx,
> Scriptable scope, boolean sealed)
>
> Inside the init() method this call is made which attempts to define a
> property in the parent scope for the function "getClass".
> getClass.exportAsScopeProperty(); // line 139
>
> It then throws the exception because the scope has been sealed.
>
> If I don't call sealedSharedScope.sealObject(); then everything works
> with no exception. But of course the scope isn't sealed and this is
> too dangerous for untrusted JS in a shared environment.
>
> I've tried adding the "dynamic scope" but this made no difference.
>
> It appears that using a Sealed Shared Scope and Java classes is
> incompatible. Is there some way to make this work?
>
> Note if you test this with some common java classes like
> "java.lang.String" it works fine as it appears some common classes are
> predefined in the scope or pre-cached.
> Note I also use a ClassShutter to limit the java classes allowed to
> safe classes.
I believe this is a bug that is actually fixed in the latest release
candidate regarding the lazy loading of certain Rhino properties. I'm
still on an older release, though, so my sealed scope initializer
looks like this:
topLevel = cx.initStandardObjects(null, true);
//Force all the stuff we need to be loaded. These objects
are meant to be lazy
//loaded by Rhino but that doesn't work since the scope is
sealed.
String loadMe = "RegExp; getClass; java; Packages;
JavaAdapter;";
cx.evaluateString(topLevel, loadMe, "lazyLoad", 0, null);
topLevel.sealObject();
Just by mentioning the properties in the loadMe string, Rhino puts
these in the scope before it is sealed. Obviously if you need other
features like E4X, you could mention those in the loadMe string too.
HTH,
A
_______________________________________________
dev-tech-js-engine-rhino mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
