javax.script.ScriptException when eval special js #66
Comments
Now I can easily reproduce it. It has a problem when calling the injectInterruptionCalls method in the JsSanitizer class. The Regular expression

source demo.js

```js
var t1 = "(function)";
var person={
  "name": "test"
};
print("t1" + person.name);
```

demo.js (after calling the injectInterruptionCalls method)

```js
var t1 = "(function)";
var person = {__if();
  "name": "test"
};
print("t1" + person.name);
```

only jdk8

```java
// Plain Nashorn engine, no sandbox
NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
NashornScriptEngine engine = (NashornScriptEngine) factory.getScriptEngine();
String demo = FileUtils.readFileToString(new File(NashornSandboxDemo.class.getResource("/demo.js").getFile()), "UTF-8");
engine.eval(demo);
```

use NashornSandbox

```java
NashornSandbox sandbox = NashornSandboxes.create();
try {
    sandbox.setMaxCPUTime(6000);
    sandbox.setMaxMemory(50 * 1024 * 1024L);
    sandbox.allowNoBraces(true);
    sandbox.allowExitFunctions(true);
    sandbox.allowGlobalsObjects(true);
    sandbox.allowLoadFunctions(true);
    sandbox.allowPrintFunctions(true);
    sandbox.allowReadFunctions(true);
    sandbox.setMaxPreparedStatements(10000);
    sandbox.setExecutor(Executors.newSingleThreadExecutor());
    String demo = FileUtils.readFileToString(new File(NashornSandboxDemo.class.getResource("/demo.js").getFile()), "UTF-8");
    // The sandbox rewrites the script (injectInterruptionCalls) before evaluating it
    sandbox.eval(demo);
} catch (ScriptException e) {
    e.printStackTrace();
} catch (FileNotFoundException e) {
    e.printStackTrace();
} catch (IOException e) {
    e.printStackTrace();
} finally {
    sandbox.getExecutor().shutdown();
}
```

Hello! Thank you for reporting this issue and for digging a bit deeper to find out the cause. It's definitely possible that the injected JS causes problems in some edge cases. I will hopefully have time on the weekend to look into finding a workaround for this. In the meantime, be welcome to have a look if you can find anything obvious. The code is injected here: https://github.com/javadelight/delight-nashorn-sandbox/blob/master/src/main/java/delight/nashornsandbox/internal/JsSanitizer.java

Change the regex expression:

```java
// in delight.nashornsandbox.internal.JsSanitizer line 83
//"(\\s*([^\"]?function[^\"])\\s*[^\\{]+\\{)"
"(\\s*([^\"]?function)\\s*[^\"]*\\([^\\{]*\\)\\s*\\{)"
```

After changing the code, demo.js tests OK. But it still does not work with other special JS.

source demo1.js

```js
function a() {
}
switch (name) {
  case "s":
  case "n":
}
```

demo1.js (after calling the injectInterruptionCalls method)

```js
function a() {}
switch (name) {__if();
  case "s":
  case "n":
}
```

Thank you for the solution. With some minor modifications this also solves the second case. See the pull request linked above. Is this issue resolved now?

Hello, This problem still seems to persist when the switch-statement is inside the function:

```js
function a() {
  switch (name) {
    case "s":
    case "n":
  }
}
```

The regex matches everything up to the parenthesis after the
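
The behaviour discussed in the comments above, as an added example (not code from this thread or from the project): a small Java harness that runs the two patterns quoted in the thread against the three scripts posted there, counts matches that end at a brace which is not a function body, and prints the rewritten scripts. The `"$1__if();"` replacement is an assumption consistent with the rewritten scripts shown above, and `isBareFunctionHeader` is a hypothetical heuristic written for this illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class InjectionRegexCheck {
    // Patterns quoted in the thread: JsSanitizer before and after the proposed change.
    static final String OLD = "(\\s*([^\"]?function[^\"])\\s*[^\\{]+\\{)";
    static final String NEW = "(\\s*([^\"]?function)\\s*[^\"]*\\([^\\{]*\\)\\s*\\{)";

    // Scripts from the thread: demo.js, demo1.js and the nested-switch variant.
    static final String[][] SAMPLES = {
        {"demo.js", "var t1 = \"(function)\";\nvar person={\n\"name\": \"test\"\n};\nprint(\"t1\" + person.name);"},
        {"demo1.js", "function a() {\n}\nswitch (name) {\ncase \"s\":\ncase \"n\":\n}"},
        {"nested switch", "function a() {\nswitch (name) {\ncase \"s\":\ncase \"n\":\n}\n}"}
    };

    // Assumption: the sanitizer appends "__if();" to each match, which is
    // consistent with the rewritten scripts shown in the thread.
    static String inject(String regex, String js) {
        return Pattern.compile(regex).matcher(js).replaceAll("$1__if();");
    }

    // Hypothetical heuristic: a match that covers only a function header
    // contains exactly one "{" and no string delimiter.
    static boolean isBareFunctionHeader(String match) {
        return match.indexOf('"') < 0 && match.indexOf('{') == match.lastIndexOf('{');
    }

    // Counts matches whose injection point is not a function body's opening brace.
    static int misplacedInjections(String regex, String js) {
        Matcher m = Pattern.compile(regex).matcher(js);
        int bad = 0;
        while (m.find()) {
            if (!isBareFunctionHeader(m.group(1))) bad++;
        }
        return bad;
    }

    public static void main(String[] args) {
        for (String[] s : SAMPLES) {
            System.out.printf("== %s: old pattern %d misplaced, new pattern %d misplaced%n",
                s[0], misplacedInjections(OLD, s[1]), misplacedInjections(NEW, s[1]));
            System.out.println("-- rewritten by old pattern:\n" + inject(OLD, s[1]));
            System.out.println("-- rewritten by new pattern:\n" + inject(NEW, s[1]));
        }
    }
}
```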
Hi,
I want to eval jsonata.js with NashornSandbox (version 0.1.16). Jsonata.js is written in ES6, and JDK 8 does not fully support ES6, so I use jsonata-es5.js to test, but I still have a problem. It is OK if I only use JDK 8.
jsonata-es5.zip
only jdk8
use NashornSandbox
sample.json
error stack