You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2023/04/12 07:20:00 UTC

[jira] [Resolved] (SLING-524) Restrict JavaScript Engine to allow running untrusted scripts for user-driven templating

     [ https://issues.apache.org/jira/browse/SLING-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved SLING-524.
------------------------------------
    Resolution: Won't Fix

> Restrict JavaScript Engine to allow running untrusted scripts for user-driven templating
> ----------------------------------------------------------------------------------------
>
>                 Key: SLING-524
>                 URL: https://issues.apache.org/jira/browse/SLING-524
>             Project: Sling
>          Issue Type: New Feature
>          Components: Scripting
>    Affects Versions: Scripting JavaScript 2.0.2
>            Reporter: Lars Trieloff
>            Priority: Major
>         Attachments: SLING-524.patch
>
>
> If you want to allow users to run custom scripts inside sling, for instance to allow them to theme personal websites or blogs it is necessary to restrict the capabilities of the scripting environment so that users do not run scripts that access system files, run resource-draining scripts or harm the system in other ways.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)