I don't want my users to be able to call anything which I don't provide them (usually through some sort of context object). Most of their scripts will be arithmetic and logical expressions, in some cases they will need to traverse object properties (getters/setters) or contents of a Map. I just don't want them to escape the sandbox I provide them.
Any suggestions? Looks like Java's JSP language (UEL) can do it. In order to access Java's static methods, they have to be aliased in an xml file--and I don't think non-static methods can be accessed. I can't confirm this since I can't get glassfish's UEL to work yet.
以上就是java expression language that can't access 'unsafe' java methods的详细内容，更多请关注web前端其它相关文章！