Rhino: restrict Java packages that can be accessed from JavaScript
05-09-2019
Question
When embedding a JavaScript interpreter (Rhino) into a Java application (to be able to script that application), how would one go about restricting the Java packages that are available to scripts? For example, only "java.lang.*" should be accessible.
Solution
A method for blocking access to certain packages and classes (including through reflection) in Rhino is described here. The important interface is ClassShutter, which provides access control for Rhino's LiveConnect support.
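An added example (not part of the original answer and not Rhino's own code) of a ClassShutter that exposes only classes directly in java.lang. The class name RestrictedRhino and the DENIED set are assumptions made for this illustration; matching the exact package rather than a prefix also keeps out subpackages such as java.lang.reflect.

```java
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.Scriptable;

import java.util.Set;

public class RestrictedRhino {

    // Assumption for this example: java.lang classes that scripts should still not reach.
    private static final Set<String> DENIED = Set.of(
        "java.lang.Runtime", "java.lang.ProcessBuilder", "java.lang.System",
        "java.lang.Class", "java.lang.ClassLoader", "java.lang.Thread");

    // Allow a class only if its package is exactly java.lang and it is not denied.
    static final ClassShutter JAVA_LANG_ONLY = fullClassName -> {
        int lastDot = fullClassName.lastIndexOf('.');
        String pkg = lastDot < 0 ? "" : fullClassName.substring(0, lastDot);
        return pkg.equals("java.lang") && !DENIED.contains(fullClassName);
    };

    // Install the shutter when each Context is created; it can be set only once per Context.
    static final ContextFactory FACTORY = new ContextFactory() {
        @Override
        protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setClassShutter(JAVA_LANG_ONLY);
            return cx;
        }
    };

    public static void main(String[] args) {
        Context cx = FACTORY.enterContext();
        try {
            Scriptable scope = cx.initStandardObjects();
            // Visible to scripts: a class directly in java.lang.
            Object ok = cx.evaluateString(scope, "java.lang.Integer.parseInt('42') + 1", "allowed", 1, null);
            System.out.println("allowed: " + Context.toString(ok));
            try {
                // Hidden from scripts: java.io is outside the allow-list, so this fails.
                cx.evaluateString(scope, "new java.io.File('x')", "blocked", 1, null);
            } catch (RuntimeException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        } finally {
            Context.exit();
        }
    }
}
```

Compiling this needs the Rhino jar on the classpath and Java 9 or later for Set.of.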
OTHER TIPS
How about just saying:
java = undefined; com = undefined; Packages = undefined;
in an initial script which is loaded first.
Licensed under: CC-BY-SA with attribution