Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to load external scripts into the same context #122

Open
smeverts opened this issue Dec 22, 2021 · 1 comment
Open

How to load external scripts into the same context #122

smeverts opened this issue Dec 22, 2021 · 1 comment

Comments

@smeverts
Copy link

We want to provide a set of curated / approved scripts which our users can include in their scripts. This could be some common JS libraries which will make the user's life easier when creating a Nashorn Script. One of the balancing points here is to only allow the scripts to be read from a "trusted" location, which in this case could be somewhere on the filesystem and the file can be loaded into a string and then loaded into the script, I've tried loading them how a lot of Nashorn example show, which looks like:

sandbox.eval("script code loaded to string from a file system object"); sandbox.eval("script code that makes use of the loaded script above");

The above works when not using the sandbox and just native Nashorn. However, using the delight sandbox, the script loaded using this mechanism does not have access to first script probably due to not being loaded into the same context.

Is there something that we can do here?
@mxro
Copy link
Collaborator

mxro commented Dec 24, 2021

Hello, thanks for raising an issue!

Could this be achieved using bindings (#44) or script context (#29)?

See here for example this test

delight-nashorn-sandbox/src/test/java/delight/nashornsandbox/TestEvalWithScriptContextWithVariables.java

Line 17 in 23ba3d7

public void test() throws ScriptCPUAbuseException, ScriptException {
- since the same script context is used for two different calls to eval, the variable initialised in the first is available in the second. And I would assume all that 'loads a library' means is to initialise variables that then can be used by other scripts?

ScriptContext newContext1 = new SimpleScriptContext();
sandbox.eval(librarySourceCode, newContext1);
sandbox.eval("jquery.doSomething()", newContext1);

Bindings could be used for a more explicit passing on of the variables initialised by loading the script, such as:

sandbox1.eval(librarySourceCode);
Object varFromLibrary = sandbox1.eval("jquery");
Bindings binding1 = sandbox2.createBindings();
binding1.put("jquery", varFromLibrary);

But not so sure if this second option will work if the passed on object is complex rather than a simple value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mxro @smeverts