Create empty environment?
petermichaux at gmail.com
Tue Jan 21 09:24:48 PST 2014
Would it be possible to add an option so that an environment is returned that does not have `print`, `load`, etc? This way application developers do not need to keep up with the list of things that need to be removed as that list changes in the future.
On 2014-01-20, at 10:56 PM, "A. Sundararajan" <sundararajan.athijegannathan at oracle.com> wrote:
> Nashorn is secure. An untrusted script is runs in sandboxed mode (assuming you turned security manager on).
> Nashorn prevents sensitive operations (including even Java reflection, jsr292 access) from scripts without permissions. Starting with --no-java ensure no java access at all. I suggested this - not as a security measure, but as preference/option
> The ones that are left out after --no-java are only 'print', 'load/loadWithNewGlobal/quit/exit' (loads script from file/URL) etc. -- all require necessary permissions - except for print which basically prints to the ScriptContext's output writer. For example, load will throw SecurityException if sandbox script tries to load script from the internet.
> AFAIK, many implementations add one or two things to global scope. That in itself is not a security problem -- it is how the security access check is done even in the presence of extension objects and functions.
> On Tuesday 21 January 2014 11:19 AM, Peter Michaux wrote:
>> Thanks for your response.
>> On 2014-01-20, at 10:24 PM, "A. Sundararajan" <sundararajan.athijegannathan at oracle.com> wrote:
>>> You can start your application with the System property
>>> This will avoid initializing properties needed for Java access ("Packages", "Java", "java", "javax" etc.). Note that the script can access Java methods/properties of objects explicitly exposed via javax.script.ScriptContext/Bindings (if any). If those are also empty, then global scope gets nothing from Java.
>>> Note this still defines certain extensions like 'load' , 'print' in global scope as well as "context" (required per jsr223 spec). If you want, you can manually delete these properties or assign undefined to these by writing a simple init script that is loaded upfront - before running the actual script.
>>> Hope this helps,
>>> On Tuesday 21 January 2014 10:45 AM, Peter Michaux wrote:
>>>> When I create a new Nashorn script engine, it seems to come preloaded with globals like `print` which are not part of the ECMAScript standard. How can I create an "empty" environment that only has the globals defined in the standard?
More information about the nashorn-dev