How to configure sandbox security in in Rhino JavaScript engine

Question

I want to interpret html pages scripts, but want to disable any posibility of harming my computer. Is there are any official tutorial or example how to configure such feature? (i dont find it in offcial site)

score 6 · Answer 1 · answered Mar 15 '11 at 16:54

6

run an initial script like this:

java = undefined;
Packages = undefined;
org = undefined;
...

then it is sandboxed.

answered Mar 15 '11 at 16:54

chacko

5,004
9
31
39

Is there a comprehensive, up to date list somewhere of objects we need hide like this to effectively sandbox a script? – svidgen Apr 19 '14 at 18:42

score 4 · Accepted Answer · edited May 23 '17 at 12:19

4

I haven't seen any official example, but see this SO question and particularly this article on sandboxing in Rhino. The article gives a pretty good overview of the things you'll have to set up and guard against.

edited May 23 '17 at 12:19

Community

1
1

answered Nov 30 '10 at 13:47

fizban

597
5
12

score 2 · Answer 3 · answered Jul 09 '15 at 04:58

2

Beware reflection "out.println('outclass ' + out.getClass().forName('java.io.File'));"

There are many traps to this trade. Previous answer not good enough.

answered Jul 09 '15 at 04:58

Tuntable

3,276
1
21
26

How to configure sandbox security in in Rhino JavaScript engine

3 Answers3