[ https://issues.apache.org/jira/browse/SLING-740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12649378#action_12649378 ]

Felix Meschberger commented on SLING-740:
-----------------------------------------

> Forgot to mention that there's no security w.r.t snippets code. 

Well, this is of course the same issue with traditional scripting. E.g. you 
could System.exit(0) in any JSP or java.lang.System.exit(0) in any ECMAScript...

But then, access to creating scripts is generally limited, while this of 
course opens all doors ....

And System.exit(0) is not even the worst case scenario: Imagine 

     Runtime.getRuntime().exec("rm -rf /")

> javashell sample
> ----------------
>
>                 Key: SLING-740
>                 URL: https://issues.apache.org/jira/browse/SLING-740
>             Project: Sling
>          Issue Type: Improvement
>          Components: Samples
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>         Attachments: javashell-example.jpg
>
>
> I have created a sample app named "javashell" that allows for executing java 
> code snippets stored in repository nodes.
> The app provides a few simple JCR samples, and a user interface to edit them.
> I'll commit that under samples/javashell.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
