Open foxep2001 opened 5 years ago
@foxep2001 Thank you for reporting the issue!
Would it be possible to add curly braces for the if statement body for now as a workaround?
Would you have an idea how the regex could be improved to work in this scenario?
I wish we could add curly braces to solve this. The script is a client's auto-proxy discovery for their large network. We're a small app running on their system. So we didn't want to make their IT change their script.
I'll try some regex-foo and see if I can provide a solution for this case.
@mxro So here is a regex fix that worked for our specific case. I changed the first PoisonPil JsSanitizer regex from "(([^;]+;){9}[^;]+(?<!break|continue);\n" to "(([^;]+;){9}[^;]+(?<!break|continue);!(^[\W+]else))\n"
This will skip adding the interrupt function inside an if/else block where the conditional statement ends in a semicolon and the next text is the else. Do you think this is a satisfactory solution?
@foxep2001 That looks awesome! I think that should do the trick. Could you submit a pull request for this?
I could just add it myself but I wouldn't want any wrong characters to get into the regex when I take them from your comment here.
PR merged and new version released. Thank you!
Hello,
When using a proxy discovery library that utilizes nashorn-sandbox, an interrupt function is inserted in a spot that causes the evaluation to fail with a ScriptException. This appears similar to https://github.com/javadelight/delight-nashorn-sandbox/issues/66 but the cause is different.
The proxy detection script:
It causes the following stack trace.
It appears the JsSanitizer regex
(([^;]+;){9}[^;]+(?<!break|continue);)
ads an interrupt function on a return statement in the middle of a long else if statement. The resulting sanitized javascript fails when evaluated with the nashorn evaluator. Here's the sanitized java script.Here's a simple tester I used.
I've tested this with Java 8 build 172