Re: Function editor

From: Joshua Cranmer <Pidgeot18@verizon.invalid>
Newsgroups: comp.lang.java.programmer
Date: Sat, 21 Mar 2009 16:49:10 -0400
Message-ID: <gq3js6$ofu$1@news-int2.gatech.edu>

Jon Gómez wrote:

> I have some concerns, however, if the OP ends up having the Javascript
> engine do the parsing. Since the formulas are coming from an external
> source (the user), should restrictions be placed on allowed input, or
> allowed operations by the script? For example, should the user be
> prevented from doing things like "2 + 3; java.lang.System.exit(0);"? If
> this is an application that exposes itself to the network, etc., then
> one might want to prevent things like "f = new java.io.File('file.txt');
> f2 = new java.io.File('uh-oh.txt'); f.renameTo(f2);"?


I was looking at the OpenJDK source code and the Rhino engine source
code, and, sure enough, there is a way to prohibit some form of access:

public boolean visibleToScripts(String fullClassName) {
     // first do the security check.
     SecurityManager sm = System.getSecurityManager();
     if (sm != null) {
         int i = fullClassName.lastIndexOf(".");
         if (i != -1) {
             try {
                 sm.checkPackageAccess(fullClassName.substring(0, i));
             } catch (SecurityException se) {
                 return false;
             }
         }
     }
     // now, check is it a protected class.
     return protectedClasses.get(fullClassName) == null;
}

(protectedClasses turns out to be a hard-coded list)

The semantics of how this is called turns out to be as follows:
<http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/ClassShutter.html#visibleToScripts(java.lang.String)>.

So you could, for example, disable large swathes of packages with the
appropriate security manager settings.

Alternatively, if you want finer control, you could probably overwrite
the ClassShutter via
<http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/ContextFactory.html#initGlobal(org.mozilla.javascript.ContextFactory)>.

It might also be possible to simply hide the java-related variables with
globals to prevent all access whatsoever.

--
Beware of bugs in the above code; I have only proved it correct, not
tried it. -- Donald E. Knuth
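
The ClassShutter approach discussed in the post, sketched as an added example (not code from the post, OpenJDK or Rhino). It assumes the standalone Rhino jar (org.mozilla.javascript) is on the classpath rather than the JDK-bundled engine; the class name FormulaSandbox and the allowlist policy are hypothetical.

```java
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;

public class FormulaSandbox {
    // Every Context made by this factory gets a deny-by-default ClassShutter.
    static final ContextFactory FACTORY = new ContextFactory() {
        @Override
        protected Context makeContext() {
            Context cx = super.makeContext();
            // Assumed policy for a formula editor: only java.lang.Math is visible.
            cx.setClassShutter(name -> name.equals("java.lang.Math"));
            return cx;
        }
    };

    // Evaluates one user-supplied formula in a fresh scope.
    static Object eval(String formula) {
        Context cx = FACTORY.enterContext();
        try {
            Scriptable scope = cx.initStandardObjects();
            return cx.evaluateString(scope, formula, "formula", 1, null);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the last two are the strings from the quoted question.
        String[] inputs = {
            "2 + 3",
            "java.lang.Math.sqrt(16)",
            "2 + 3; java.lang.System.exit(0);",
            "f = new java.io.File('file.txt'); f2 = new java.io.File('uh-oh.txt'); f.renameTo(f2);"
        };
        for (String in : inputs) {
            try {
                System.out.println(in + " => " + Context.toString(eval(in)));
            } catch (RhinoException e) {
                // A class hidden by the shutter is not usable as a class, so the script errors out.
                System.out.println(in + " => rejected: " + e.details());
            }
        }
    }
}
```

A ClassShutter only limits which Java classes a script can reach; it does not bound how long a script runs or how much memory it uses.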
