
How to remove java apis from Nashorn-engine?

Is it possible to hide or remove Java APIs from the Nashorn engine, so that it could only see or use "default" ECMAScript 262 Edition 5.1 with some specially exposed functions / variables?

I would like to let my end users create some specific logic on their own without worrying that they could hack the whole system. Of course there might be some security holes in the Nashorn engine etc., but that is a different topic.

Edit: Sorry, I forgot to mention that I am running Nashorn inside my Java application, so no command-line parameters can be used.

pasuna asked Jun 28 '14 11:06



1 Answer

Programmatically, you can also directly use the NashornScriptEngineFactory class which has an appropriate getScriptEngine() method:

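    import javax.script.ScriptEngine;
    import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
    ...
    NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
    ...
    // -strict: run scripts in strict mode; --no-java: disable Java support in scripts;
    // --no-syntax-extensions: disallow Nashorn's non-standard syntax extensions
    ScriptEngine engine = factory.getScriptEngine("-strict", "--no-java", "--no-syntax-extensions");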
Attila Szegedi answered Oct 24 '22 09:10
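
An embedded setup along the lines the question asks for, as an added example that is not part of the original answer: it combines the answer's flags with a deny-all `ClassFilter` (available from JDK 8u40), removes engine built-ins that are not ECMAScript, and exposes one host function. The class name `RestrictedNashorn`, the helper `newRestrictedEngine` and the `applyDiscount` function are assumptions made for illustration.

```java
import java.util.function.Function;
import javax.script.Bindings;
import javax.script.ScriptContext;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class RestrictedNashorn {

    // Hypothetical helper: builds an engine intended for end-user scripts.
    static ScriptEngine newRestrictedEngine() {
        String[] flags = { "-strict", "--no-java", "--no-syntax-extensions" };
        // Refuse every Java class lookup that script code attempts.
        ClassFilter denyAll = className -> false;
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine(
                flags, Thread.currentThread().getContextClassLoader(), denyAll);

        // Engine extensions that load further code or stop the JVM are not
        // part of ECMAScript, so take them out of the script's global scope.
        Bindings scope = engine.getBindings(ScriptContext.ENGINE_SCOPE);
        for (String name : new String[] { "load", "loadWithNewGlobal", "exit", "quit" }) {
            scope.remove(name);
        }

        // The only host capability handed to scripts (hypothetical business rule).
        Function<Number, Double> applyDiscount = price -> price.doubleValue() * 0.9;
        scope.put("applyDiscount", applyDiscount);
        return engine;
    }

    public static void main(String[] args) throws ScriptException {
        ScriptEngine engine = newRestrictedEngine();

        // Constructed sample scripts standing in for end-user input.
        System.out.println(engine.eval("applyDiscount(200)"));
        System.out.println(engine.eval(
                "[typeof Java, typeof java, typeof Packages, typeof load].join(',')"));

        // An exposed Java object is still a Java object; with a ClassFilter
        // installed, Nashorn rejects reflective access from script code.
        try {
            engine.eval("applyDiscount.getClass().forName('java.lang.Runtime')");
            System.out.println("reflection was NOT blocked, review the setup");
        } catch (ScriptException | RuntimeException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Every object placed in the bindings widens what scripts can reach, so expose narrow functions rather than application objects, and run the checks in `main` against the JDK build you deploy on.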