Sandboxing in scripts
Sandboxing is a technique to restrict the usage of Java code in scripts. The purpose is to ensure reliable and robust execution and to make sure that only techniques that will be available in future releases of Sitevision is being used in custom applications.
Server-side Javascript execution is sandboxed and only explicitly white-listed Java classes will be allowed. Trying to create or access a non-whitelisted Java class will raise an error that aborts execution of the script.
Note that an existing script can not be modified without being sandboxed:
- Existing scripts that hasn't been modified in Sitevision 5 or later will not be sandboxed
- Existing scripts that has been modified in Sitevision 5 or later will be sandboxed
- Scripts that has been created in Sitevision 5 or later will be sandboxed
Java Whitelist
The white-list basically contains all interfaces/classes/enums/exceptions of the the Sitevision Public API. It also contains all core Java classes/enums/exceptions that is thrown or used as argument or as return value of the Public API.
Sitevision Public API
All interfaces/classes/enums/exceptions in a Public API package: |
---|
javax.jcr.* |
senselogic.sitevision.api.* |
Core classes
Class | Since |
---|---|
java.lang.Boolean | |
java.lang.Byte | |
java.lang.Character | |
java.lang.Double | |
java.lang.Float | |
java.lang.Integer | |
java.lang.Long | |
java.lang.Number | 6.1 |
java.lang.Object | 5.0.1 |
java.lang.Short | 5.1 |
java.lang.String | |
java.util.Date | |
java.util.Calendar | |
java.util.Locale | |
java.math.BigDecimal | |
java.math.BigInteger |
Collection-related classes
Class | Since |
---|---|
java.util.ArrayDeque | 5.1 |
java.util.ArrayList | |
java.util.Arrays | |
java.util.Collections | |
java.util.ConcurrentHashMap | |
java.util.EnumMap | |
java.util.EnumSet | |
java.util.HashSet | |
java.util.HashMap | |
java.util.Hashtable | |
java.util.LinkedHashMap | |
java.util.LinkedHashSet | 5.0.2 |
java.util.LinkedList | 5.1 |
java.util.Stack | 5.1 |
java.util.TreeMap | 5.0.1 |
java.util.TreeSet | 5.0.2 |
java.util.Vector | |
java.util.stream.Collectors | 5.0.1 |
IO-related classes
Class | Since |
---|---|
java.io.BufferedInputStream | |
java.io.BufferedReader | 5.0.1 |
java.io.ByteArrayInputStream | 5.0.1 |
java.io.CharArrayReader | 5.0.1 |
java.io.DataInputStream | 5.0.1 |
java.io.InputStreamReader | 5.0.1 |
java.io.StringWriter |
Formatting-related classes
Class | Since |
---|---|
java.text.SimpleDateFormat | |
java.time.format.DateTimeFormatter | |
java.time.format.DateTimeFormatterBuilder | |
java.time.FormatStyle |
Time-related classes
Class | Since |
---|---|
java.util.GregorianCalendar | |
java.util.TimeZone | |
java.util.SimpleTimeZone | |
java.util.concurrent.TimeUnit | |
java.time.Instant | |
java.time.Duration | |
java.time.Period | |
java.time.LocalDate | |
java.time.LocalDateTime | |
java.time.LocalTime | |
java.time.OffsetDateTime | |
java.time.OffsetTime | |
java.time.ZonedDateTime | |
java.time.ZoneOffset | |
java.time.ZoneId | |
java.time.Year | |
java.time.YearMonth | |
java.time.Month | |
java.time.MonthDay | |
java.time.DayOfWeek | |
java.time.temporal.ChronoUnit | |
java.time.temporal.ChronoField | |
java.time.temporal.IsoFields | |
java.time.temporal.WeekFields | |
java.time.temporal.TemporalAdjusters | |
java.time.zone.ZoneRules | |
java.time.zone.ZoneRulesProvider | 8 |
java.time.zone.ZoneOffsetTransition | |
java.time.zone.ZoneOffsetTransitionRule |
Misc classes
Class | Since |
---|---|
java.lang.Math | 5.0.1 |
java.lang.StringBuffer | |
java.lang.StringBuilder | |
java.util.Base64 | |
java.util.Objects | 5.0.1 |
java.util.Optional | |
java.util.Random | 5.0.1 |
java.util.UUID | |
java.util.regex.Matcher | |
java.util.regex.Pattern | |
java.net.InetAdress | |
java.nio.charset.Charset | |
java.nio.charset.StandardCharsets | |
java.security.SecureRandom | 5.0.1 |
java.text.Collator | 5.1 |
java.text.Normalizer | |
java.text.Normalizer.Form |
Core interfaces
Class | Since |
---|---|
java.lang.Comparable | 5.0.1 |
java.lang.Iterable | 5.0.1 |
java.util.Comparator | |
java.util.Iterator | 5.0.1 |
java.util.concurrent.Callable | 5.0.1 |
java.util.function.BiConsumer | 5.0.1 |
java.util.function.BiFunction | 5.0.1 |
java.util.function.Consumer | 5.0.1 |
java.util.function.Function | 5.0.1 |
java.util.function.Predicate | 5.0.1 |
java.util.function.Supplier | 5.0.1 |
Exceptions
Class | Since |
---|---|
java.lang.ArithmeticException | 5.0.1 |
java.lang.ArrayIndexOutOfBoundsException | 5.0.1 |
java.lang.ClassCastException | 5.0.1 |
java.lang.Exception | 5.0.1 |
java.lang.IndexOutOfBoundsException | 5.0.1 |
java.lang.IllegalArgumentException | |
java.lang.IllegalStateException | 5.0.1 |
java.lang.NegativeArraySizeException | 5.0.1 |
java.lang.NullpointerException | |
java.lang.NumberFormatException | 5.0.1 |
java.lang.RuntimeException | |
java.lang.StringIndexOutOfBoundsException | 5.0.1 |
java.lang.UnsupportedOperationException | |
java.text.ParseException | 6.1 |
java.util.ConcurrentModificationException | 5.0.1 |
java.util.EmptyStackException | 5.0.1 |
java.util.NoSuchElementException | 5.0.1 |
java.util.regex.PatternSyntaxException | 5.0.1 |
java.io.CharConversionException | 5.0.1 |
java.io.EOFException | 5.0.1 |
java.io.InterruptedIOException | 5.0.1 |
java.io.IOException | |
java.io.NotSerializableException | 5.0.1 |
java.io.UncheckedIOException | 5.0.1 |
java.io.UnsupportedEncodingException | 5.0.1 |
java.nio.charset.IllegalCharsetNameException | 5.0.1 |
java.nio.charset.UnsupportedCharsetException | 5.0.1 |
java.security.NoSuchAlgorithmException | |
java.time.DateTimeException | |
java.time.format.DateTimeParseException | |
java.time.temporal.UnsupportedTemporalTypeException | 8 |
java.time.zone.ZoneRulesException | 8 |