Using Rhino 1.7R1 I'm running JS from a Java web application and have setup a Sealed shared scope as described here http://www.mozilla.org/rhino/scopes.html.
For each "request" where I need to run JS I setup a new scope and point the prototype to the sealedSharedScope. I have found that if I seal the shared scope itself ( sealedSharedScope.sealObject(); ) then I get this exception when I attempt to use Java classes from within a script. org.mozilla.javascript.EvaluatorException: Cannot modify a property of a sealed object: getClass. (/initSharedScope.js#44) I have traced the root cause down to inside: org.mozilla.javascript.NativeJavaTopPackage.init(Context cx, Scriptable scope, boolean sealed) Inside the init() method this call is made which attempts to define a property in the parent scope for the function "getClass". getClass.exportAsScopeProperty(); // line 139 It then throws the exception because the scope has been sealed. If I don't call sealedSharedScope.sealObject(); then everything works with no exception. But of course the scope isn't sealed and this is too dangerous for untrusted JS in a shared environment. I've tried adding the "dynamic scope" but this made no difference. It appears that using a Sealed Shared Scope and Java classes is incompatible. Is there some way to make this work? Note if you test this with some common java classes like "java.lang.String" it works fine as it appears some common classes are predefined in the scope or pre-cached. Note I also use a ClassShutter to limit the java classes allowed to safe classes. _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
