发表新帖
发表新帖

Secure Nashorn JS Execution

前端 未结
关注
9 1287
故里飘歌
故里飘歌 2020-12-04 12:07

How can I securely execute some user supplied JS code using Java8 Nashorn?

The script extends some computations for some servlet based reports. The app has many diff

9条回答
  • 执笔经年
    执笔经年 (楼主)
    2020-12-04 12:37

    Without the use of Security Manager it is not possible to securely execute JavaScript on Nashorn.

    In all releases of Oracle Hotspot that included Nashorn one can write JavaScript that will execute any Java/JavaScript code on this JVM. As of January 2019, Oracle Security Team insist that use of Security Manager is mandatory.

    One of the problems is already discussed in https://github.com/javadelight/delight-nashorn-sandbox/issues/73

    0 讨论(0)
 看不清?
提交回复
热议问题