use initSafeStandardObjects() instead of initStandardObjects() to avo…

…id execution of arbitrary (java) code

src/main/java/com/gargoylesoftware/htmlunit/ProxyAutoConfig.java

@@ -55,7 +55,7 @@ public static String evaluate(final String content, final URL url) {
         final Context cx = Context.enter();
         try {
             final ProxyAutoConfig config = new ProxyAutoConfig();
-            final Scriptable scope = cx.initStandardObjects();
+            final Scriptable scope = cx.initSafeStandardObjects();
 
             config.defineMethod("isPlainHostName", scope);
             config.defineMethod("dnsDomainIs", scope);

src/main/java/com/gargoylesoftware/htmlunit/javascript/JavaScriptEngine.java

@@ -202,7 +202,7 @@ private void init(final WebWindow webWindow, final Context context) throws Excep
 
         final Window window = new Window();
         ((SimpleScriptable) window).setClassName("Window");
-        context.initStandardObjects(window);
+        context.initSafeStandardObjects(window);
 
         final ClassConfiguration windowConfig = jsConfig_.getClassConfiguration("Window");
         if (windowConfig.getJsConstructor() != null) {

src/main/java/com/gargoylesoftware/htmlunit/javascript/host/worker/DedicatedWorkerGlobalScope.java

@@ -82,7 +82,7 @@ public DedicatedWorkerGlobalScope() {
      */
     DedicatedWorkerGlobalScope(final Window owningWindow, final Context context, final BrowserVersion browserVersion,
             final Worker worker) throws Exception {
-        context.initStandardObjects(this);
+        context.initSafeStandardObjects(this);
 
         final ClassConfiguration config = AbstractJavaScriptConfiguration.getClassConfiguration(
                 DedicatedWorkerGlobalScope.class, browserVersion);