Posted to batik-commits@xmlgraphics.apache.org by ss...@apache.org on 2022/10/13 11:05:28 UTC

svn commit: r1904565 - /xmlgraphics/batik/trunk/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java

Author: ssteiner
Date: Thu Oct 13 11:05:28 2022
New Revision: 1904565

URL: http://svn.apache.org/viewvc?rev=1904565&view=rev
Log:
BATIK-1345: Restrict what java classes can be run thru rhino

Modified:
    xmlgraphics/batik/trunk/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java

Modified: xmlgraphics/batik/trunk/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
URL: http://svn.apache.org/viewvc/xmlgraphics/batik/trunk/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java?rev=1904565&r1=1904564&r2=1904565&view=diff
==============================================================================
--- xmlgraphics/batik/trunk/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java (original)
+++ xmlgraphics/batik/trunk/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java Thu Oct 13 11:05:28 2022
@@ -59,7 +59,7 @@ public class RhinoClassShutter implement
      * Returns whether the given class is visible to scripts.
      */
     public boolean visibleToScripts(String fullClassName) {
-        if (fullClassName.startsWith("java.") && !WHITELIST.contains(fullClassName) && !fullClassName.endsWith("Permission")) {
+        if (!WHITELIST.contains(fullClassName) && !fullClassName.endsWith("Permission") && !fullClassName.startsWith("org.")) {
             return false;
         }
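Review bot: The `!fullClassName.startsWith("org.")` clause in the new condition exempts every class under any `org.` package from the deny-by-default check, including third-party libraries that happen to be on the classpath, and `endsWith("Permission")` likewise matches a class with that suffix in any package. Unless the rest of visibleToScripts, which continues outside this hunk, rejects those names again, scripts can reach far more than WHITELIST suggests. Consider naming only the packages scripts actually need, for example `!fullClassName.startsWith("org.w3c.dom.") && !fullClassName.startsWith("org.apache.batik.")` (the exact set is for the maintainers to confirm). A comment such as `// Deny by default: only WHITELIST entries, *Permission classes and the listed packages are visible to scripts.` above the condition would make the policy explicit.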