https://bugzilla.mozilla.org/show_bug.cgi?id=468385
Is a relevant bug and could use a poke.
David Parks wrote:
1. When you create the root scope, here is what I do:
rootScope = cx.initStandardObjects(null, false);
rootScope.delete("org");
rootScope.delete("edu");
rootScope.delete("javax");
rootScope.delete("com");
rootScope.delete("net");
rootScope.delete("Packages");
rootScope.delete("java");
rootScope.delete("JavaImporter");
These are the java packages loaded by default, in particular removing "java"
disables the generic access to the java subsystem (should I call it a
supersystem?), but the rest of them allow access to all kinds of java
classes directly.
I don't promise I got all of them, I haven't validated that code snippet
from my own app yet. But I think that's the full set. If I remember
correctly you can inspect the scope using ScriptableObject.getAllIds(). Some
playing around with that should get you a full list of everything that is
accessible to the script.
2. Hmm, for this one, I want to say you can do it, but I can't find anything
useful in the API docs, but I'm not the expert.
** Maybe someone else can comment here **
But if not I can suggest you take a look at the Interpreter class, I've
previously played with it and vaguely remember seeing something that might
be useful to you. It was some time ago, so I don't remember any better
specifics, but if you take a look around that class you might find something
you can use that only requires a minor tweak.
-----Original Message-----
From: dev-tech-js-engine-rhino-bounces+davidparks21=yahoo....@lists.mozilla.org
[mailto:dev-tech-js-engine-rhino-bounces+davidparks21=yahoo....@lists.mozilla.org]
On Behalf Of [email protected]
Sent: Thursday, October 01, 2009 10:33 PM
To: [email protected]
Subject: Newbie questions about Rhino
Hi,
I'm new to Rhino and I've got two questions for which I haven't found
a solution until now:
1. Is it possible to restrict the access to Java objects or classes from a
script? E.g. if I don't want to let script developers do something like
"var buf = new java.lang.StringBuffer ();". Could I configure the engine
with a white or black list or do I have to implement it via my own class
derived from org.mozilla.javascript.SecurityController?
2. Is it possible to access the syntax tree of a parsed script? E.g. for
generating XML transforming it via XSLT to a documentation?
Many thanks in advance,
Axel
-
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
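An added example, not code from this thread or from the Rhino project: it applies the scope-stripping list from David Parks' reply, audits the result with getAllIds() as he suggests, and also installs a deny-all ClassShutter (Rhino's class-visibility hook, which the thread does not mention) so the restriction does not depend on the list being complete. Assumptions: the Rhino jar is on the classpath, Java 8 or later, and the class name RestrictedScope and script name untrusted.js are hypothetical.

```java
import java.util.Arrays;
import java.util.List;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.ScriptableObject;

public class RestrictedScope {
    // Global names from the reply above that bridge scripts to Java.
    static final List<String> JAVA_BRIDGES = Arrays.asList(
        "Packages", "JavaImporter", "java", "javax", "org", "com", "edu", "net");

    public static void main(String[] args) {
        Context cx = Context.enter();
        try {
            // Defence in depth: refuse every Java class the engine is asked
            // to expose, even if a bridge object is reachable some other way.
            cx.setClassShutter(fullClassName -> false);

            ScriptableObject rootScope = cx.initStandardObjects(null, false);
            for (String name : JAVA_BRIDGES) {
                rootScope.delete(name);
            }

            // Audit what is left in the scope and fail closed on leftovers.
            for (Object id : rootScope.getAllIds()) {
                if (JAVA_BRIDGES.contains(String.valueOf(id))) {
                    throw new IllegalStateException("still reachable: " + id);
                }
            }
            System.out.println("globals: " + Arrays.toString(rootScope.getAllIds()));

            // Constructed test script: the expression from the original question.
            String script = "var buf = new java.lang.StringBuffer();";
            try {
                cx.evaluateString(rootScope, script, "untrusted.js", 1, null);
                System.out.println("UNEXPECTED: script reached Java");
            } catch (RhinoException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        } finally {
            Context.exit();
        }
    }
}
```

Later Rhino releases also provide Context.initSafeStandardObjects(), which builds the standard scope without the Java bridge objects in the first place.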