We did something similar but by explicitly monitoring the thread that was executing the script for completion within a certain timeframe.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Greg Brail
Sent: Tuesday, November 12, 2013 4:28 PM
To: [email protected]
Subject: Re: Opening Nashorn to the Internet

Rhino had support for an "instruction count callback," which it would call every N instructions. When embedding a script, you can then use that callback to check various conditions and do things like abort scripts that run for too long.

Have you guys on the Nashorn team considered adding anything additional to Nashorn? That is one of the things I can think of that would make it closer to being a feature-complete replacement for Rhino.

On Sat, Nov 9, 2013 at 2:25 AM, Rod Nim <[email protected]> wrote:

> Our app lets our end users write JavaScript via a web interface (Cloud 9's
> ACE) and submit that code back to the server to be executed in Nashorn.
>
> Does anyone have any perspective on dealing with either accidental or
> malicious issues such as tight loops and excessive memory allocation?
>
> var outOfMemory = '';
> while (true) {
>     outOfMemory += outOfMemory;
> }
>
> Basically the question is "how do I safely open Nashorn scripting to
> anyone", white hat, or black hat?
>
> Thanks for the help!
>
> Rod

--
*greg brail* | *apigee <https://apigee.com/>* | m: +1.650.937.9302 | twitter @gbrail <http://twitter.com/gbrail> @apigee <https://twitter.com/apigee>
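The instruction count callback described in the message above, sketched against Rhino's `ContextFactory` as an added example (not code from any message in this thread). The class names, the 1-second budget and the 10,000-instruction threshold are assumptions, and the callback bounds run time only, not memory.

```java
import org.mozilla.javascript.Callable;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.Scriptable;

public class BoundedRhino {
    static final long BUDGET_MS = 1000;     // assumed wall-clock budget per script
    static final int CHECK_EVERY = 10_000;  // assumed N: instructions between callbacks
    static final Object START_KEY = new Object();

    // Thrown as an Error so a script-level try/catch cannot swallow the abort.
    static class ScriptTimeout extends Error {}

    static class BoundedFactory extends ContextFactory {
        @Override protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setInstructionObserverThreshold(CHECK_EVERY);
            return cx;
        }

        @Override protected Object doTopCall(Callable callable, Context cx, Scriptable scope,
                                             Scriptable thisObj, Object[] args) {
            // Start the clock when the embedder hands control to the script.
            cx.putThreadLocal(START_KEY, System.currentTimeMillis());
            return super.doTopCall(callable, cx, scope, thisObj, args);
        }

        @Override protected void observeInstructionCount(Context cx, int instructionCount) {
            long start = (Long) cx.getThreadLocal(START_KEY);
            if (System.currentTimeMillis() - start > BUDGET_MS) {
                throw new ScriptTimeout();
            }
        }
    }

    public static void main(String[] args) {
        // The tight loop quoted in the thread, used as the untrusted input.
        String script = "var outOfMemory = ''; while (true) { outOfMemory += outOfMemory; }";
        Context cx = new BoundedFactory().enterContext();
        try {
            Scriptable scope = cx.initSafeStandardObjects(); // no Java class access from scripts
            cx.evaluateString(scope, script, "user-script", 1, null);
        } catch (ScriptTimeout e) {
            System.out.println("script aborted after " + BUDGET_MS + " ms");
        } finally {
            Context.exit();
        }
    }
}
```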
