Remove additional function from Rhino shell

Question

I want to use Rhino as a sandbox to run user supplied scripts on a server. I want to do that from PHP, which doesn't have Java bindings any more, so I have to use the command line interface (Rhino shell).

Unfortunately the Rhino shell adds some intrinsic functions to the environment that ruin the sandbox character, like file access and runCommand() which allows runnning arbitrary commands on the system.

Is there a way to disable them?

score 0 · Accepted Answer · edited May 23 '17 at 10:33

0

I found that I can just overwrite them with null or delete them:

runCommand = null;
delete runCommand;

I can find out which global functions and objects there are by getting all properties of the Global, which is stored in this:

Object.getOwnPropertyNames(this);

edited May 23 '17 at 10:33

Community

1
1

answered Jun 22 '11 at 01:40

AndreKR

32,613
18
106
168

Remove additional function from Rhino shell

1 Answers1