Uploaded image for project: 'Commons JEXL'
  1. Commons JEXL
  2. JEXL-116

Add control over classes, methods, constructors and properties allowed in scripts

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1
    • Labels:
      None

      Description

      The idea is to explicitly allow/disallow which classes, methods, constructors and properties the Uberspect can access.
      By building an Uberspect with white/black lists, the JEXL engine would only "see" allowed constructs and user scripts would thus be restricted to a controlled set of objects and methods.

      See http://apache-commons.680414.n4.nabble.com/jexl-JEXL-Secure-Sandbox-tt3626959.html

        Attachments

          Activity

            People

            • Assignee:
              henrib Henri Biestro
              Reporter:
              henrib Henri Biestro
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: