Sandboxing in scripts

Sandboxing is a technique to restrict the usage of Java code in scripts. The purpose is to ensure reliable and robust execution and to make sure that only techniques that will be available in future releases of SiteVision is being used in custom applications.

Server-side Javascript execution is sandboxed and only explicitly white-listed Java classes will be allowed.

  • Existing scripts that hasn't been modified in SiteVision 5 will not be sandboxed
  • Scripts that has been modified in SiteVision 5 will be sandboxed
  • New scripts that has been created in SiteVision 5 will be sandboxed

Known compabillity issues when migrating to Rhino from Nashorn.

Java Whitelist

The white-list basically contains all interfaces/classes/enums/exceptions of the the SiteVision Public API. It also contains all core Java classes/enums/exceptions that is thrown or used as argument or as return value of the Public API.

SiteVision Public API

All interfaces/classes/enums/exceptions in a Public API package:

javax.jcr.*

senselogic.sitevision.api.*

Core classes

Class

Since

java.lang.Boolean


java.lang.Byte


java.lang.Character


java.lang.Double


java.lang.Float


java.lang.Integer


java.lang.Long


java.lang.Object

5.0.1

java.lang.Short

5.1

java.lang.String


java.util.Date


java.util.Calendar


java.util.Locale


java.math.BigDecimal


java.math.BigInteger


Collection-related classes

Class

Since

java.util.ArrayDeque

5.1

java.util.ArrayList


java.util.Arrays


java.util.Collections


java.util.ConcurrentHashMap


java.util.EnumMap


java.util.EnumSet


java.util.HashSet


java.util.HashMap


java.util.Hashtable


java.util.LinkedHashMap


java.util.LinkedHashSet

5.0.2

java.util.LinkedList

5.1

java.util.Stack

5.1

java.util.TreeMap

5.0.1

java.util.TreeSet

5.0.2

java.util.Vector


java.util.stream.Collectors

5.0.1


IO-related classes

Class

Since

java.io.BufferedInputStream


java.io.BufferedReader

5.0.1

java.io.ByteArrayInputStream

5.0.1

java.io.CharArrayReader

5.0.1

java.io.DataInputStream

5.0.1

java.io.InputStreamReader

5.0.1

java.io.PrintWriter


java.io.StringWriter


Formatting-related classes

Class

Since

java.text.SimpleDateFormat


java.time.format.DateTimeFormatter


java.time.format.DateTimeFormatterBuilder


java.time.FormatStyle



Time-related classes

Class

Since

java.util.GregorianCalendar


java.util.TimeZone


java.util.SimpleTimeZone


java.util.concurrent.TimeUnit


java.time.Instant


java.time.Duration


java.time.Period


java.time.LocalDate


java.time.LocalDateTime


java.time.LocalTime


java.time.OffsetDateTime


java.time.OffsetTime


java.time.ZonedDateTime


java.time.ZoneOffset


java.time.ZoneId


java.time.Year


java.time.YearMonth


java.time.Month


java.time.MonthDay


java.time.DayOfWeek


java.time.temporal.ChronoUnit


java.time.temporal.ChronoField


java.time.temporal.IsoFields


java.time.temporal.WeekFields


java.time.temporal.TemporalAdjusters


java.time.zone.ZoneRules


java.time.zone.ZoneOffsetTransition


java.time.zone.ZoneOffsetTransitionRule



Misc classes

Class

Since

java.lang.Math

5.0.1

java.lang.StringBuffer


java.lang.StringBuilder


java.util.Base64


java.util.Objects

5.0.1

java.util.Optional


java.util.Random

5.0.1

java.util.UUID


java.util.regex.Matcher


java.util.regex.Pattern


java.net.InetAdress


java.nio.charset.Charset


java.nio.charset.StandardCharsets


java.security.SecureRandom

5.0.1

java.text.Collator

5.1

java.text.Normalizer


java.text.Normalizer.Form


Core interfaces

Class

Since

java.lang.Comparable

5.0.1

java.lang.Iterable

5.0.1

java.util.Comparator


java.util.Iterator

5.0.1

java.util.concurrent.Callable

5.0.1

java.util.function.BiConsumer

5.0.1

java.util.function.BiFunction

5.0.1

java.util.function.Consumer

5.0.1

java.util.function.Function

5.0.1

java.util.function.Predicate

5.0.1

java.util.function.Supplier

5.0.1


Exceptions

Class

Since

java.lang.ArithmeticException

5.0.1

java.lang.ArrayIndexOutOfBoundsException

5.0.1

java.lang.ClassCastException

5.0.1

java.lang.Exception

5.0.1

java.lang.IndexOutOfBoundsException

5.0.1

java.lang.IllegalArgumentException


java.lang.IllegalStateException

5.0.1

java.lang.NegativeArraySizeException

5.0.1

java.lang.NullpointerException


java.lang.NumberFormatException

5.0.1

java.lang.RuntimeException


java.lang.StringIndexOutOfBoundsException

5.0.1

java.lang.UnsupportedOperationException


java.util.ConcurrentModificationException

5.0.1

java.util.EmptyStackException

5.0.1

java.util.NoSuchElementException

5.0.1

java.util.regex.PatternSyntaxException

5.0.1

java.io.CharConversionException

5.0.1

java.io.EOFException

5.0.1

java.io.InterruptedIOException

5.0.1

java.io.IOException


java.io.NotSerializableException

5.0.1

java.io.UncheckedIOException

5.0.1

java.io.UnsupportedEncodingException

5.0.1

java.nio.charset.IllegalCharsetNameException

5.0.1

java.nio.charset.UnsupportedCharsetException

5.0.1

java.security.NoSuchAlgorithmException


java.time.DateTimeException


java.time.format.DateTimeParseException