...
| Code Block | ||
|---|---|---|
| ||
// First sanitize firstName (modify if the name may include special characters)
if(!firstName.matches("[a-zA-Z\\w]*")) { // String does not match white-listed characters
throw new IllegalArgumentException();
}
// Restrict permission using the two-argument form of doPrivileged()
try {
AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws ScriptException {
engine.eval("print('"+ firstName + "')");
return null;
}
}, RestrictedAccessControlContext.INSTANCE);
} catch(PrivilegedActionException pae) {
// Handle
}
|
...