Opening Nashorn to the Internet

Greg Brail greg at apigee.com
Tue Nov 12 13:27:41 PST 2013


Rhino had support for an "instruction count callback," which it would call
every N instructions. When embedding a script, you can then use that
callback to check various conditions and do things like abort scripts that
run for too long.

Have you guys on the Nashorn team considered adding anything additional to
Nashorn? That is one of the things I can think of that would make it closer
to being a feature-complete replacement for Rhino.


On Sat, Nov 9, 2013 at 2:25 AM, Rod Nim <rod.nim at outlook.com> wrote:

> Our app lets our end users write JavaScript via a web interface (Cloud 9's
> ACE) and submit that code back to the server to be executed in Nashorn.
>
> Does anyone have any perspective on dealing with either accidental
> or malicious issues such as tight loops and excessive memory allocation?
>
> var outOfMemory = '';
> while (true) {
>    outOfMemory += outOfMemory;
> }
>
> Basically the question is "how do I safely open Nashorn scripting to
> anyone", white hat, or black hat?
>
> Thanks for the help!
>
> Rod




-- 
*greg brail* | *apigee <https://apigee.com/>* | m: +1.650.937.9302 |
twitter @gbrail <http://twitter.com/gbrail> @apigee <https://twitter.com/apigee>
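
The Rhino instruction count callback mentioned in the message above, shown as an added example that is not part of the original message or of either project's code: a `ContextFactory` subclass that aborts any script running past a time budget. The class names, the 500 ms budget, the 10,000-instruction threshold and the thread-local key are assumptions chosen for illustration.

```java
import org.mozilla.javascript.Callable;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.Scriptable;

public class TimeLimitedRhino {
    static final Object DEADLINE_KEY = new Object(); // hypothetical per-Context slot
    static final long BUDGET_MS = 500;               // assumed budget per top-level call

    // An Error, not an Exception, so a script-level try/catch cannot swallow the abort.
    static class ScriptTimeout extends Error { }

    static class LimitedFactory extends ContextFactory {
        @Override
        protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setOptimizationLevel(-1);                // interpreter mode, where instructions are counted
            cx.setInstructionObserverThreshold(10_000); // callback roughly every 10,000 instructions
            return cx;
        }
        @Override
        protected Object doTopCall(Callable callable, Context cx, Scriptable scope,
                                   Scriptable thisObj, Object[] args) {
            // Start the clock each time the host enters script code.
            cx.putThreadLocal(DEADLINE_KEY, System.nanoTime() + BUDGET_MS * 1_000_000L);
            return super.doTopCall(callable, cx, scope, thisObj, args);
        }
        @Override
        protected void observeInstructionCount(Context cx, int instructionCount) {
            Long deadline = (Long) cx.getThreadLocal(DEADLINE_KEY);
            if (deadline != null && System.nanoTime() - deadline > 0) {
                throw new ScriptTimeout();
            }
        }
    }

    public static void main(String[] args) {
        Context cx = new LimitedFactory().enterContext();
        try {
            Scriptable scope = cx.initStandardObjects();
            // Constructed input: a tight loop like the one in the quoted question.
            cx.evaluateString(scope, "while (true) {}", "user.js", 1, null);
        } catch (ScriptTimeout e) {
            System.out.println("script aborted after " + BUDGET_MS + " ms");
        } finally {
            Context.exit();
        }
    }
}
```

The callback bounds running time only; it does not cap heap allocation, the other concern raised in the quoted question.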


More information about the nashorn-dev mailing list