Part of our Java application needs to run JavaScript that is written by non-developers. These non-developers are using JavaScript for data formatting. (Simple logic and str
If you are looking for pure JavaScript functions only, here is a solution based on the JDK-embedded Rhino library without importing any third-party libraries:
If the given script contains Java script, the class loader will try to load JavaMembers or other classes and trigger class-not-found exceptions. In this way, malicious scripts will be ignored without execution.
Please read ConfigJSParser.java and ConfigJSClassLoader.java files for more details:
https://github.com/webuzz/simpleconfig/tree/master/src/im/webuzz/config
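An added example, not part of the answer above or of the simpleconfig project: a related way to keep formatting scripts away from Java classes, assuming the standalone Mozilla Rhino library (org.mozilla.javascript) is on the classpath instead of the JDK-embedded copy. The class name FormatterSandbox, the script variable `input` and the time budget are hypothetical.

```java
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;

public class FormatterSandbox {
    // Wall-clock budget per script run (constructed value for this example).
    private static final long TIME_BUDGET_NANOS = 200_000_000L;

    private static final ContextFactory FACTORY = new ContextFactory() {
        @Override
        protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setOptimizationLevel(-1);                // interpreter mode: instruction observer fires
            cx.setInstructionObserverThreshold(10_000); // callback every ~10k instructions
            cx.setClassShutter(className -> false);     // deny every Java class to scripts
            return cx;
        }

        @Override
        protected void observeInstructionCount(Context cx, int instructionCount) {
            Object deadline = cx.getThreadLocal("deadline");
            // Throw java.lang.Error so a script-level try/catch cannot swallow it.
            if (deadline != null && System.nanoTime() > (Long) deadline) {
                throw new Error("script exceeded its time budget");
            }
        }
    };

    /** Runs an untrusted formatting script with `input` bound as a JS string. */
    public static String format(String script, String input) {
        Context cx = FACTORY.enterContext();
        try {
            cx.putThreadLocal("deadline", System.nanoTime() + TIME_BUDGET_NANOS);
            // Safe scope: no Packages, java, getClass or JavaAdapter globals.
            Scriptable scope = cx.initSafeStandardObjects();
            scope.put("input", scope, input);
            Object result = cx.evaluateString(scope, script, "formatter.js", 1, null);
            return Context.toString(result);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        System.out.println(format("input.trim().toUpperCase()", "  order-42 "));
        try {
            format("java.lang.System.getProperty('user.home')", "x"); // constructed sample
        } catch (RhinoException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The safe scope and the deny-all ClassShutter overlap on purpose: either one alone stops a script from reaching Java classes, and the time check bounds loops that never return.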