On Mar 31, 4:01 pm, Rhino user <[email protected]> wrote: > H , > I have a class shutter set on the context like this. > cx.setClassShutter(new ClassShutter() { > public boolean visibleToScripts(String className) { > > return (className.equals > ("org.mozilla.javascript.EvaluatorException") ; > > } > }); > > I am getting org.mozilla.javascript.EvaluatorException: Access to > Java class "java.lang.Object" is prohibited from the JS when I tr to > execute the script. > If I add > /*|| className.startsWith( "java.lang.Object") */ ) > This exception goes away. But is it safe to expose java.lang.object > from the class shutter? Will it cause any vulnerability? > IS there any other way to avoid this? > Thanks
Just some additional information on the script - I have a javaclass named APP, which has a method getPlugins() which returns an Object[] with all the plugins in the system. In the script it - // Get array of PlugIn objects var aPlugins = app.plugIns; // Get number of plug-ins var nPlugins = aPlugins.length; This highlighted line gives error. What can I do ? Thanks _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
