Create empty environment?
sundararajan.athijegannathan at oracle.com
Mon Jan 20 21:56:29 PST 2014
Nashorn is secure. An untrusted script runs in sandboxed mode
(assuming you turned the security manager on).
Nashorn prevents sensitive operations (including even Java reflection,
jsr292 access) from scripts without permissions. Starting with --no-java
ensures no Java access at all. I suggested this - not as a security
measure, but as a preference/option.
The ones that are left out after --no-java are only 'print',
'load/loadWithNewGlobal/quit/exit' (loads script from file/URL) etc. --
all require necessary permissions - except for print which basically
prints to the ScriptContext's output writer. For example, load will
throw SecurityException if sandbox script tries to load script from the
AFAIK, many implementations add one or two things to global scope. That
in itself is not a security problem -- it is how the security access
check is done even in the presence of extension objects and functions.
On Tuesday 21 January 2014 11:19 AM, Peter Michaux wrote:
> Thanks for your response.
> On 2014-01-20, at 10:24 PM, "A. Sundararajan" <sundararajan.athijegannathan at oracle.com> wrote:
>> You can start your application with the System property
>> This will avoid initializing properties needed for Java access ("Packages", "Java", "java", "javax" etc.). Note that the script can access Java methods/properties of objects explicitly exposed via javax.script.ScriptContext/Bindings (if any). If those are also empty, then global scope gets nothing from Java.
>> Note this still defines certain extensions like 'load', 'print' in global scope as well as "context" (required per jsr223 spec). If you want, you can manually delete these properties or assign undefined to these by writing a simple init script that is loaded upfront - before running the actual script.
>> Hope this helps,
>> On Tuesday 21 January 2014 10:45 AM, Peter Michaux wrote:
>>> When I create a new Nashorn script engine, it seems to come preloaded with globals like `print` which are not part of the ECMAScript standard. How can I create an "empty" environment that only has the globals defined in the standard?
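
The approach described in the thread, as an added example that is not part of the original messages: an engine started with `--no-java`, an init script that removes the extension globals before any other script runs, and a check of what is still defined. It assumes the Nashorn bundled with JDK 8 to 14 (`jdk.nashorn.api.scripting`) and passes the option through `NashornScriptEngineFactory.getScriptEngine(String...)`; the class and helper names are hypothetical. It only trims the global scope and does not enable a security manager.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class EmptyNashornGlobal {
    // Names taken from the thread: Java-access globals and script extensions.
    static final List<String> JAVA_GLOBALS = Arrays.asList("Packages", "Java", "java", "javax");
    static final List<String> EXTENSIONS =
        Arrays.asList("print", "load", "loadWithNewGlobal", "quit", "exit");

    // Init script run before any other script: delete each extension, and
    // assign undefined instead if a property cannot be deleted.
    static final String INIT =
        "(function (g, names) {"
      + "  names.forEach(function (n) { if (!(delete g[n])) { g[n] = undefined; } });"
      + "})(this, ['" + String.join("','", EXTENSIONS) + "']);";

    // Engine without Java-access globals, with the init script already applied.
    static ScriptEngine newStrippedEngine() throws ScriptException {
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine("--no-java");
        engine.eval(INIT);
        return engine;
    }

    // Returns the names from 'candidates' that still resolve in the global scope.
    static List<String> stillDefined(ScriptEngine engine, List<String> candidates)
            throws ScriptException {
        List<String> found = new ArrayList<>();
        for (String name : candidates) {
            String type = String.valueOf(engine.eval("typeof " + name));
            if (!"undefined".equals(type)) found.add(name);
        }
        return found;
    }

    public static void main(String[] args) throws ScriptException {
        ScriptEngine engine = newStrippedEngine();
        System.out.println("Java globals left: " + stillDefined(engine, JAVA_GLOBALS));
        System.out.println("Extensions left:   " + stillDefined(engine, EXTENSIONS));
        // Objects placed in the Bindings stay reachable, as the reply notes.
        engine.put("exposed", new java.util.Date());
        System.out.println("Bound object type: " + engine.eval("typeof exposed"));
    }
}
```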