Skip to content

Commit

Permalink
BATIK-1345: Restrict what java classes can be run thru rhino
Browse files Browse the repository at this point in the history 
git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/batik/trunk@1904565 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
@simonsteiner1984
simonsteiner1984 committed Oct 13, 2022
1 parent eada57c commit 401aa85
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ public void test(String cls) {
* Returns whether the given class is visible to scripts.
*/
public boolean visibleToScripts(String fullClassName) {
if (fullClassName.startsWith("java.") && !WHITELIST.contains(fullClassName) && !fullClassName.endsWith("Permission")) {
if (!WHITELIST.contains(fullClassName) && !fullClassName.endsWith("Permission") && !fullClassName.startsWith("org.")) {
return false;
}

Expand Down

0 comments on commit 401aa85

Please sign in to comment.