How to configure sandbox security in in Rhino JavaScript engine
-
29-09-2019 - |
Question
I want to interpret html pages scripts, but want to disable any posibility of harming my computer. Is there are any official tutorial or example how to configure such feature? (i dont find it in offcial site)
Solution
I haven't seen any official example, but see this SO question and particularly this article on sandboxing in Rhino. The article gives a pretty good overview of the things you'll have to set up and guard against.
OTHER TIPS
run an initial script like this:
java = undefined;
Packages = undefined;
org = undefined;
...
then it is sandboxed.
Beware reflection "out.println('outclass ' + out.getClass().forName('java.io.File'));"
There are many traps to this trade. Previous answer not good enough.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow