[BATIK-556] RhinoInterpreter does not always call setSecurityController() - ASF JIRA

Attach files

Attach Screenshot

Add vote

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: In Progress
Resolution: Unresolved
Affects Version/s: 1.8
Fix Version/s: None
Component/s: Scripting
Labels:
None
Environment:
Operating System: other
Platform: Other

Description

Using Batik in Cocoon, activating the key_execute_onload transcoding hint of
batik rasterizer and using ecmascript on the onload attribute of the SVG root
element produces the following error:

java.lang.IllegalArgumentException: securityDomain should be null if
setSecurityController() was never called
at org.mozilla.javascript.Context.compileImpl(Context.java:2324)
at org.mozilla.javascript.Context.compileReader(Context.java:1334)
at org.mozilla.javascript.Context.compileReader(Context.java:1306)
at org.mozilla.javascript.Context.evaluateReader(Context.java:1248)
at org.apache.batik.script.rhino.RhinoInterpreter.evaluate(Unknown Source)

This happens because Cocoon loads Rhino for its own FlowScript before Batik is
requested to read an SVG image with scripting. In this case, the context is
already initialized, but without security controller. The patch attached sets
the security controller in all cases, whether or not the context has been
initialized by Batik.