From 5460feaaee4514d89c15f633ee7c7083308b755f Mon Sep 17 00:00:00 2001 From: David Caruana Date: Mon, 14 Aug 2006 09:51:12 +0000 Subject: [PATCH] Rhinoscript Engine: - Remove ability to import any java package - this is not secure. - Small code update (instanceof instead of class comparison) after Kev review git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3490 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../java/org/alfresco/repo/jscript/RhinoScriptService.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/source/java/org/alfresco/repo/jscript/RhinoScriptService.java b/source/java/org/alfresco/repo/jscript/RhinoScriptService.java index 11d6ede4fc..a1f05da5f9 100644 --- a/source/java/org/alfresco/repo/jscript/RhinoScriptService.java +++ b/source/java/org/alfresco/repo/jscript/RhinoScriptService.java @@ -223,11 +223,8 @@ public class RhinoScriptService implements ScriptService { // The easiest way to embed Rhino is just to create a new scope this way whenever // you need one. However, initStandardObjects is an expensive method to call and it - // allocates a fair amount of memory. ImporterTopLevel provides a scope allowing - // the import of java classes and packages. - Scriptable topLevelScope = new ImporterTopLevel(cx); + // allocates a fair amount of memory. Scriptable scope = cx.initStandardObjects(); - scope.setParentScope(topLevelScope); // insert supplied object model into root of the default scope if (model != null) @@ -254,7 +251,7 @@ public class RhinoScriptService implements ScriptService Object result = cx.evaluateReader(scope, reader, "AlfrescoScript", 1, null); // extract java object result if wrapped by rhinoscript - if (result != null && result.getClass().equals(NativeJavaObject.class)) + if (result != null && result instanceof NativeJavaObject) { result = Context.jsToJava(result, Object.class); }