You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 21, 2023. It is now read-only.
I cheated when writing the JS security manager by having it check if the call originated in the JSExecutor class, and if so verify that it was a whitelisted permission. However this opens the door for a compromised JS environment to be able to perform any of the whitelisted actions, including reflection and classloaders (why does something built into java need that?). This will also replace the long process of scanning the stack trace with a single check.
The text was updated successfully, but these errors were encountered:
I cheated when writing the JS security manager by having it check if the call originated in the JSExecutor class, and if so verify that it was a whitelisted permission. However this opens the door for a compromised JS environment to be able to perform any of the whitelisted actions, including reflection and classloaders (why does something built into java need that?). This will also replace the long process of scanning the stack trace with a single check.
The text was updated successfully, but these errors were encountered: