On Feb 25, 11:18 am, wolffiex <[email protected]> wrote:
> On Feb 24, 8:35 am, Greg Lindholm <[email protected]> wrote:
>
> > Using Rhino 1.7R1
> >
> > I'm running JS from a Java web application and have set up a Sealed
> > shared scope as described here http://www.mozilla.org/rhino/scopes.html.
> >
> > For each "request" where I need to run JS I set up a new scope and
> > point the prototype to the sealedSharedScope.
> >
> > I have found that if I seal the shared scope itself
> > ( sealedSharedScope.sealObject(); ) then I get this exception when I
> > attempt to use Java classes from within a script.
> >
> > org.mozilla.javascript.EvaluatorException: Cannot modify a property of
> > a sealed object: getClass. (/initSharedScope.js#44)
> >
> > I have traced the root cause down to inside:
> > org.mozilla.javascript.NativeJavaTopPackage.init(Context cx,
> > Scriptable scope, boolean sealed)
> >
> > Inside the init() method this call is made which attempts to define a
> > property in the parent scope for the function "getClass".
> > getClass.exportAsScopeProperty(); // line 139
> >
> > It then throws the exception because the scope has been sealed.
> >
> > If I don't call sealedSharedScope.sealObject(); then everything works
> > with no exception. But of course the scope isn't sealed and this is
> > too dangerous for untrusted JS in a shared environment.
> >
> > I've tried adding the "dynamic scope" but this made no difference.
> >
> > It appears that using a Sealed Shared Scope and Java classes is
> > incompatible. Is there some way to make this work?
> >
> > Note if you test this with some common java classes like
> > "java.lang.String" it works fine as it appears some common classes are
> > predefined in the scope or pre-cached.
> >
> > Note I also use a ClassShutter to limit the java classes allowed to
> > safe classes.
>
> I believe this is a bug that is actually fixed in the latest release
> candidate regarding the lazy loading of certain Rhino properties. I'm
> still on an older release, though, so my sealed scope initializer
> looks like this:
>
>     topLevel = cx.initStandardObjects(null, true);
>     // Force all the stuff we need to be loaded. These objects are meant
>     // to be lazy loaded by Rhino but that doesn't work since the scope
>     // is sealed.
>     String loadMe = "RegExp; getClass; java; Packages; JavaAdapter;";
>     cx.evaluateString(topLevel, loadMe, "lazyLoad", 0, null);
>     topLevel.sealObject();
>
> Just by mentioning the properties in the loadMe string, Rhino puts
> these in the scope before it is sealed. Obviously if you need other
> features like E4X, you could mention those in the loadMe string too.
>
> HTH,
> A

Thanks a lot, that did the trick.

Maybe someone with access can put a note about this in the discussion
about scopes on this page http://www.mozilla.org/rhino/scopes.html
as it would have saved me a lot of time and frustration.
_______________________________________________
dev-tech-js-engine-rhino mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
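
The pattern discussed in this thread, put together end to end as an added example (not code from the posters or from the Rhino project): the shared scope is built once with the lazy properties forced before sealing, and each request runs in its own scope behind a ClassShutter. The class name SealedScopeExample, the helper names, the sample scripts and the one-entry allow-list are assumptions made for illustration; it needs the Rhino jar on the classpath.

```java
import org.mozilla.javascript.Context;
import org.mozilla.javascript.EvaluatorException;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;

public class SealedScopeExample {
    // Lazily initialized names, taken from the loadMe string in the thread.
    private static final String FORCE_LOAD = "RegExp; getClass; java; Packages; JavaAdapter;";

    // Build the shared scope once: touch the lazy properties, then seal it.
    static ScriptableObject buildSharedScope() {
        Context cx = Context.enter();
        try {
            ScriptableObject shared = cx.initStandardObjects(null, true);
            cx.evaluateString(shared, FORCE_LOAD, "lazyLoad", 1, null);
            shared.sealObject();
            return shared;
        } finally {
            Context.exit();
        }
    }

    // Run one script in a fresh per-request scope whose prototype is the shared scope.
    static Object runRequest(ScriptableObject shared, String source) {
        Context cx = Context.enter();
        try {
            // Constructed allow-list: only java.util.ArrayList is visible to scripts.
            cx.setClassShutter(name -> name.equals("java.util.ArrayList"));
            Scriptable request = cx.newObject(shared);
            request.setPrototype(shared);
            request.setParentScope(null);
            return cx.evaluateString(request, source, "request", 1, null);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        ScriptableObject shared = buildSharedScope();
        // Java access from a script still works although the shared scope is sealed.
        Object n = runRequest(shared, "var l = new java.util.ArrayList(); l.add('x'); l.size()");
        System.out.println("list size: " + Context.toString(n));
        try {
            // A request must not be able to change objects that other requests share.
            runRequest(shared, "Object.prototype.leak = 1;");
            System.out.println("shared scope was modified (unexpected)");
        } catch (EvaluatorException e) {
            System.out.println("write to shared scope rejected: " + e.getMessage());
        }
    }
}
```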
