commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Biestro (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JEXL-116) Add control over classes, methods, constructors and properties allowed in scripts
Date Fri, 15 Jul 2011 08:34:00 GMT
Add control over classes, methods, constructors and properties allowed in scripts
---------------------------------------------------------------------------------

                 Key: JEXL-116
                 URL: https://issues.apache.org/jira/browse/JEXL-116
             Project: Commons JEXL
          Issue Type: New Feature
            Reporter: Henri Biestro
            Assignee: Henri Biestro
             Fix For: 2.0.2


The idea is to explicitly allow/disallow which classes, methods, constructors and properties
the Uberspect can access.
By building an Uberspect with white/black lists, the JEXL engine would only "see" allowed
constructs and user scripts would thus be restricted to a controlled set of objects and methods.

See http://apache-commons.680414.n4.nabble.com/jexl-JEXL-Secure-Sandbox-tt3626959.html


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message