Nashorn JS - prevent System.exit()

[ad...@cs.miami.edu]

Luca and Group,

Here is how to prevent User calling System.exit()

First create a ClassFilter that prevents access to the System object.   This will prevent all direct access to System, includeing System.out.println.   You can provide limited access to a class like System by creating a wrapper class MySystem which then calls into System from Java (not from Nashorn).  This is both good and bad, the good is that you can provide access to some methods in a class, the bad is that you can accidentally "leak" methods that you may not wish to expose....

import jdk.nashorn.api.scripting.*;
public class MyFilter implements ClassFilter {
    public boolean exposeToScripts(String className) {
       if (className.contains("java.lang.System")) {
           return false;
       } else {
           return true;
       }
    }
}

Then when you create the Nashorn engine pass the Filter to the Factory:

            NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
            ScriptEngine engine = factory.getScriptEngine(myFilter);    

There may be other things that need to be addressed, like reflection (which I think is disabled by defualt in Nashorn.  But this should be a good starting point.

Best,

-Adam