Sandboxing

Sandboxing is a technique to restrict the usage of Java code in WebApps and RestApps. The purpose is to ensure reliable and robust execution of WebApps/RESTApps and to make sure that only techniques that will be available in future releases of SiteVision is being used in custom applications.

Server-side Javascript execution in WebApps/RESTApps is sandboxed and only explicitly white-listed Java classes will be allowed.

  • WebApps/RESTApps in SiteVision Cloud
    All WebApps and RESTApps running in SiteVision cloud will be sandboxed as of SiteVision 5.
  • WebApps/RESTApps on-premise
    WebApps and RESTApps of Add-ons created in SiteVision 5 or later will be sandboxed. Apps that are deployed to Add-ons created before SiteVision 5 will continue to execute outside the sandbox.

Java Whitelist

The white-list basically contains all interfaces/classes/enums/exceptions of the the SiteVision Public API. It also contains all core Java classes/enums/exceptions that is thrown or used as argument or as return value of the Public API.

SiteVision Public API

All interfaces/classes/enums/exceptions in a Public API package:

javax.jcr.*

senselogic.sitevision.api.*

Base classes returned or used as arguments in the Public API

Class

java.lang.Boolean

java.lang.String

java.lang.Byte

java.lang.Integer

java.lang.Long

java.math.BigInteger

java.lang.Float

java.lang.Double

java.math.BigDecimal

java.util.Date

java.util.Calendar

java.util.Locale

java.net.InetAdress

IO-related classes returned or used as arguments in the Public API

Class

java.io.PrintWriter

java.io.StringWriter

java.io.BufferedInputStream

Collection-related classes returned or used as arguments in the Public API

Class

java.util.Arrays

java.util.Collections

java.util.ArrayList

java.util.Vector

java.util.HashSet

java.util.HashMap

java.util.Hashtable

java.util.LinkedHashMap

java.util.ConcurrentHashMap

Generic Java Exceptions thrown from Public API

Class

java.lang.NullpointerException

java.lang.IllegalArgumentException

java.lang.UnsupportedOperationException

java.lang.RuntimeException

java.io.IOException

Misc classes

Class

java.lang.StringBuilder

java.lang.StringBuffer

java.util.regex.Matcher

java.util.regex.Pattern

java.text.Normalizer

java.text.Normalizer.Form

java.util.Optional

java.util.UUID

java.security.SecureRandom

java.nio.charset.Charset

java.nio.charset.StandardCharsets

java.util.Base64

Time-related classes

Class

java.text.SimpleDateFormat

java.util.concurrent.TimeUnit

java.util.GregorianCalendar

java.util.TimeZone

java.util.SimpleTimeZone

java.time.Instant

java.time.Duration

java.time.Period

java.time.LocalDate

java.time.LocalDateTime

java.time.LocalTime

java.time.OffsetDateTime

java.time.OffsetTime

java.time.ZonedDateTime

java.time.ZoneOffset

java.time.ZoneId

java.time.Year

java.time.YearMonth

java.time.Month

java.time.MonthDay

java.time.DayOfWeek

java.time.temporal.ChronoUnit

java.time.temporal.ChronoField

java.time.temporal.IsoFields

java.time.temporal.WeekFields

java.time.temporal.TemporalAdjusters

java.time.zone.ZoneRules

java.time..zone.ZoneOffsetTransition

java.time.zone.ZoneOffsetTransitionRule

java.time.format.DateTimeFormatter

java.time.format.DateTimeFormatterBuilder

java.time.FormatStyle