In addition, WrapFactory has the new setJavaPrimitiveWrap method to control if instances of Java String and Number class should be wrapped to special script objects as any other Java objects so a script can access any method String and Number, or they should be converted to JavaScript primitive strings and numbers.
Igor Bukanov contributed a new security implementation that allows integration with Java2 security model and prevents scripts to escape the security sandbox via eval/Function schemes.
Due to this changes SecuritySupport interface is replaced by ClassShutter and SecurityController, where ClassShutter controls which classes are visible to scripts via LiveConnect and SecurityController provides permission management. For compatibility SecuritySupport is still available as a deprecated interface but only its visibleToScripts method is used as an alias for ClassShutter.visibleToScripts. See API documentation for new classes for details.
An implementation of SecurityController that uses java policy settings to restrict script permissions based on its URL is available with Rhino shell. See the JavaPolicySecurity source for details. To activate it, set the rhino.use_java_policy_security system property to true when invoking Rhino shell together with installing a security manager.
// create class loader
var loader = new java.net.URLClassLoader([new java.net.URL("file:./foo.jar")]);
// create its LiveConnect wrapper
var fooJar = new Packages(loader);
// create an instance of the class For from foo.jar
var obj = new fooJar.Foo(1, 2, 3);
obj.someMethod();
61579 -
context.decompileScript doesn't work.
72021 -
The ScriptRuntime class tries to convert even the String values to JavaNativeObject
83051 -
A function defined under a with block can't be invoked outside it
104089 -
Cannot reattach context to its thread because of the bug in Context class
105438 -
SourceName and lineNumbers of syntax errors in Javascript files not dispalyed.
106548 -
/^.*?$/ will not match anything
114583 -
script compile/decompile bug
114969 -
[], [^] are valid RegExp conditions
115717 -
java.lang.ArrayIndexOutOfBoundsException on with/try/finally
120194 -
JS toInt32(x) conversion doesn't match ECMAScript definition
122167 -
string.replace() placeholder '$1' not working
123439 -
Backreferences /(a)? etc./ must hold |undefined| if not used
124508 -
regexp.lastIndex should be integer-valued double, not uint32
124900 -
arguments object storing duplicate parameter values
125562 -
Regexp performance improvement
126317 -
Crash on re.exec(str) if re.lastIndex set to certain values
126722 -
(undefined === null) evaluating to true in Rhino compiled mode
128468 -
java.io.NotSerializableException: org.mozilla.javascript.NativeError
129365 -
Incorrect licensing in dtoa.java
132217 -
delete on global function should not delete the function
136893 -
Rhino treatment of |for(i in undefined)|, |for(i in null)|
137181 -
delete on an arguments[i] not working correctly
145791 -
ECMA conformance: Function.prototype.apply(), Function.prototype.call()
149285 -
Complier does not report the correct line number on SyntaxError:Invalid assignment left-hand side.
151337 -
EcmaError.getLineSource() returns 0x0 characters.
153223 -
New RegExp engine in Rhino
154693 -
Interpreted mode doesn't grok different functions on different objects
156510 -
for (i in undefined) {} should not throw TypeError
157196 -
ScriptableObject needs custom serialization implementation
157509 -
No error on invalid usage of \ in identifiers
158159 -
Should Rhino support octal escape sequences in regexps?
159334 -
The javascript functions size is limited by a bug
164947 -
Debugging unique.js produce a stack trace and erratic results
166530 -
ClassCostException in FunctionObject static initializer
169830 -
Array.concat(function) doesn't add function to the array
173180 -
Rhino UTF-8 decoder accepts overlong sequences
173906 -
Dynamic scope not working correctly with optimzation level >= 1
175383 -
ArrayIndexOutOfBoundsException in string.replace()
177314 -
Rhino should allow '\400' to mean ' 0'
179068 -
String literals in Rhino are limited to 64K
179366 -
--> after whitespace after line start should mean comments to line end
181654 -
Calling toString for an object derived from the Error class throws TypeError
181834 -
wrong scope used for inner functions when compiling functions with dynamic scopes (interpreted only)
181909 -
some regression tests for Error invalid
182028 -
Calling has() in get() of a ScriptableObject causes getter function to not be called
184107 -
with(...) { function f ...} should set f in the global scope
184111 -
ArrayOutOfBounds Exception thrown when using Rhino Javascript Debugger
185165 -
Decompilation of "\\" gives broken "\"
189183 -
Debugger source frame window layering fix
189898 -
Broken String.replace: "XaXY".replace("XY", "--") gives --aXY