Disabling extensions
A. Sundararajan
sundararajan.athijegannathan at oracle.com
Thu Mar 20 04:21:00 UTC 2014
Hi,
There is no simple way to disable *all* nashorn extensions. But the
ECMAScript type arrays (which is not yet ECMAScript standard) and Java
access can be disabled using command line options:
jjs -nta -nj
The above disables "ECMAScript typearrays" and "java access" (Java,
Packages, javax, java etc.). As for 'load', 'exit' etc. these are
security checked and therefore untrusted script will get security
exception. If you still want to delete these, you can manually delete as
you wrote.
Command line options of 'jjs' also work for nashorn script engine via
System property "nashorn.args". For example:
java -Dnashorn.args="-nta -nj" Main
where Main.java is as follows:
import javax.script.*;
public class Main {
public static void main(String[] args) throws Exception {
ScriptEngineManager m = new ScriptEngineManager();
ScriptEngine engine = m.getEngineByName("nashorn");
System.out.println(engine.eval("Int8Array"));
System.out.println(engine.eval("Java"));
}
}
-Sundar
On Thursday 20 March 2014 02:08 AM, Harshad RJ wrote:
> Hi,
>
> How do I disable some or all of the nashorn extensions? I am
> especially interested in disabling the creation of attributes such as:
> exit, quit, load, etc.
>
> I can confirm that this works:
>
> jsContext = jsEngine.getContext()
> jsContext.removeAttribute("exit", jsContext.getAttributesScope("exit"))
>
> However, it would be nicer to disable their creation itself.
>
> thanks,
More information about the nashorn-dev
mailing list