Sandboxing in scripts
Sandboxing is a technique to restrict the usage of Java code in scripts. The purpose is to ensure reliable and robust execution and to make sure that only techniques that will be available in future releases of Sitevision is being used in custom applications.
Server-side Javascript execution is sandboxed and only explicitly white-listed Java classes will be allowed.
- Existing scripts that hasn't been modified in SiteVision 5 will not be sandboxed
- Scripts that has been modified in SiteVision 5 or later will be sandboxed
- New scripts that has been created in SiteVision 5 or later will be sandboxed
Known compabillity issues when migrating to Rhino from Nashorn.
Java Whitelist
The white-list basically contains all interfaces/classes/enums/exceptions of the the Sitevision Public API. It also contains all core Java classes/enums/exceptions that is thrown or used as argument or as return value of the Public API.
Sitevision Public API
All interfaces/classes/enums/exceptions in a Public API package: |
|---|
javax.jcr.* |
senselogic.sitevision.api.* |
Core classes
Class | Since |
|---|---|
java.lang.Boolean | |
java.lang.Byte | |
java.lang.Character | |
java.lang.Double | |
java.lang.Float | |
java.lang.Integer | |
java.lang.Long | |
java.lang.Number | 6.1 |
java.lang.Object | 5.0.1 |
java.lang.Short | 5.1 |
java.lang.String | |
java.util.Date | |
java.util.Calendar | |
java.util.Locale | |
java.math.BigDecimal | |
java.math.BigInteger |
Collection-related classes
Class | Since |
|---|---|
java.util.ArrayDeque | 5.1 |
java.util.ArrayList | |
java.util.Arrays | |
java.util.Collections | |
java.util.ConcurrentHashMap | |
java.util.EnumMap | |
java.util.EnumSet | |
java.util.HashSet | |
java.util.HashMap | |
java.util.Hashtable | |
java.util.LinkedHashMap | |
java.util.LinkedHashSet | 5.0.2 |
java.util.LinkedList | 5.1 |
java.util.Stack | 5.1 |
java.util.TreeMap | 5.0.1 |
java.util.TreeSet | 5.0.2 |
java.util.Vector | |
java.util.stream.Collectors | 5.0.1 |
IO-related classes
Class | Since |
|---|---|
java.io.BufferedInputStream | |
java.io.BufferedReader | 5.0.1 |
java.io.ByteArrayInputStream | 5.0.1 |
java.io.CharArrayReader | 5.0.1 |
java.io.DataInputStream | 5.0.1 |
java.io.InputStreamReader | 5.0.1 |
java.io.PrintWriter | |
java.io.StringWriter |
Formatting-related classes
Class | Since |
|---|---|
java.text.SimpleDateFormat | |
java.time.format.DateTimeFormatter | |
java.time.format.DateTimeFormatterBuilder | |
java.time.FormatStyle |
Time-related classes
Class | Since |
|---|---|
java.util.GregorianCalendar | |
java.util.TimeZone | |
java.util.SimpleTimeZone | |
java.util.concurrent.TimeUnit | |
java.time.Instant | |
java.time.Duration | |
java.time.Period | |
java.time.LocalDate | |
java.time.LocalDateTime | |
java.time.LocalTime | |
java.time.OffsetDateTime | |
java.time.OffsetTime | |
java.time.ZonedDateTime | |
java.time.ZoneOffset | |
java.time.ZoneId | |
java.time.Year | |
java.time.YearMonth | |
java.time.Month | |
java.time.MonthDay | |
java.time.DayOfWeek | |
java.time.temporal.ChronoUnit | |
java.time.temporal.ChronoField | |
java.time.temporal.IsoFields | |
java.time.temporal.WeekFields | |
java.time.temporal.TemporalAdjusters | |
java.time.zone.ZoneRules | |
java.time.zone.ZoneRulesProvider | 8 |
java.time.zone.ZoneOffsetTransition | |
java.time.zone.ZoneOffsetTransitionRule |
Misc classes
Class | Since |
|---|---|
java.lang.Math | 5.0.1 |
java.lang.StringBuffer | |
java.lang.StringBuilder | |
java.util.Base64 | |
java.util.Objects | 5.0.1 |
java.util.Optional | |
java.util.Random | 5.0.1 |
java.util.UUID | |
java.util.regex.Matcher | |
java.util.regex.Pattern | |
java.net.InetAdress | |
java.nio.charset.Charset | |
java.nio.charset.StandardCharsets | |
java.security.SecureRandom | 5.0.1 |
java.text.Collator | 5.1 |
java.text.Normalizer | |
java.text.Normalizer.Form |
Core interfaces
Class | Since |
|---|---|
java.lang.Comparable | 5.0.1 |
java.lang.Iterable | 5.0.1 |
java.util.Comparator | |
java.util.Iterator | 5.0.1 |
java.util.concurrent.Callable | 5.0.1 |
java.util.function.BiConsumer | 5.0.1 |
java.util.function.BiFunction | 5.0.1 |
java.util.function.Consumer | 5.0.1 |
java.util.function.Function | 5.0.1 |
java.util.function.Predicate | 5.0.1 |
java.util.function.Supplier | 5.0.1 |
Exceptions
Class | Since |
|---|---|
java.lang.ArithmeticException | 5.0.1 |
java.lang.ArrayIndexOutOfBoundsException | 5.0.1 |
java.lang.ClassCastException | 5.0.1 |
java.lang.Exception | 5.0.1 |
java.lang.IndexOutOfBoundsException | 5.0.1 |
java.lang.IllegalArgumentException | |
java.lang.IllegalStateException | 5.0.1 |
java.lang.NegativeArraySizeException | 5.0.1 |
java.lang.NullpointerException | |
java.lang.NumberFormatException | 5.0.1 |
java.lang.RuntimeException | |
java.lang.StringIndexOutOfBoundsException | 5.0.1 |
java.lang.UnsupportedOperationException | |
java.text.ParseException | 6.1 |
java.util.ConcurrentModificationException | 5.0.1 |
java.util.EmptyStackException | 5.0.1 |
java.util.NoSuchElementException | 5.0.1 |
java.util.regex.PatternSyntaxException | 5.0.1 |
java.io.CharConversionException | 5.0.1 |
java.io.EOFException | 5.0.1 |
java.io.InterruptedIOException | 5.0.1 |
java.io.IOException | |
java.io.NotSerializableException | 5.0.1 |
java.io.UncheckedIOException | 5.0.1 |
java.io.UnsupportedEncodingException | 5.0.1 |
java.nio.charset.IllegalCharsetNameException | 5.0.1 |
java.nio.charset.UnsupportedCharsetException | 5.0.1 |
java.security.NoSuchAlgorithmException | |
java.time.DateTimeException | |
java.time.format.DateTimeParseException | |
java.time.temporal.UnsupportedTemporalTypeException | 8 |
java.time.zone.ZoneRulesException | 8 |