Hi Emond, the unit test is working with while(true) - so if I execute a javascript with while(true) and cancel the future after a delay of 5 seconds - the unit test ends.
kind regards Tobias > Am 07.01.2016 um 11:49 schrieb Emond Papegaaij <emond.papega...@topicus.nl>: > > Hi Tobias, > > Future.cancel will attempt to interrupt the thread, but this will not stop a > thread executing > 'while(true);'. It will stop a thread executing 'while(!isInterrupted());'. > There is no way to > safely stop a thread in Java (other than stopping the entire VM). > > Best regards, > Emond > >> On Thursday, January 07, 2016 11:12:31 AM Tobias Soloschenko wrote: >> Hi, >> >> I use ScheduledExecutorService and cancel - I am going to submit and show >> you the changes this evening. >> >> kind regards >> >> Tobias >> >>> Am 07.01.2016 um 10:50 schrieb Emond Papegaaij >>> <emond.papega...@topicus.nl>: >>> >>> Hi Tobias, >>> >>> How do you terminate a thread? The only way to terminate a Thread from >>> outside is Thread.stop, which is very dangerous. Thread.interrupt will >>> only stop de thread if that thread supports interrupting. A simple >>> 'while(true);' will not terminate. Even if you manage to terminate a >>> script in a few seconds, this will not help against a script like: >>> >>> var i = 0, o = {}; >>> while(true) { >>> >>> o[i++] = new Array(1000000); >>> >>> } >>> >>> Don't understand me wrong, a resource like this can be useful in some >>> situations, but you realy have to make sure it is not exposed to the >>> user, or you will have to deal with rogue scripts. >>> >>> Best regards, >>> Emond >>> >>>> On Thursday, January 07, 2016 10:25:30 AM Tobias Soloschenko wrote: >>>> Hi Emond, >>>> >>>> I already implemented a thread pool which terminates long running >>>> scripts. I am going to submit it this evening. >>>> >>>> Good hint with the class filter - I am going to have a look at it. >>>> Thanks! >>>> >>>> kind regards >>>> >>>> Tobias >>>> >>>>> Am 07.01.2016 um 08:24 schrieb Emond Papegaaij >>>>> <emond.papega...@topicus.nl>: >>>>> >>>>> Hi Tobias, >>>>> >>>>> This is a very nice feature indeed, but be very carefull when exposing >>>>> server-side code to a client. What would happen if some user would post >>>>> 'Java.type("java.lang.System").exit(0)'? A service like this must always >>>>> be protected via some sort of whitelist filter. The Java Scripting API >>>>> has support for ClassFilter, which can be used for this.