@Override @SuppressWarnings({ "unchecked" }) public void render(HttpRequest request, HttpResponse response, BeanMap beanMap, SpiderBean bean) { Context cx = Context.enter(); ScriptableObject scope = cx.initSafeStandardObjects(); String windowScript = "var window = {};var document = {};"; cx.evaluateString(scope, windowScript, "window", 1, null); HtmlParser parser = new HtmlParser(request.getUrl(), response.getContent()); for (Element ele : parser.$("script")) { String sc = ele.html(); if (StringUtils.isNotEmpty(sc)) { try { cx.evaluateString(scope, sc, "", 1, null); } catch (Exception ex) { // ex.printStackTrace(); } } } Map<String, Object> fieldMap = new HashMap<String, Object>(); Set<Field> jsVarFields = ReflectionUtils.getAllFields(bean.getClass(), ReflectionUtils.withAnnotation(JSVar.class)); for (Field jsVarField : jsVarFields) { Object value = injectJsVarField(request, beanMap, jsVarField, cx, scope); if(value != null) { fieldMap.put(jsVarField.getName(), value); } } beanMap.putAll(fieldMap); Context.exit(); }
/** * Initialize the standard objects, leaving out those that offer access directly * to Java classes. This sets up "scope" to have access to all the standard * JavaScript classes, but does not create global objects for any top-level * Java packages. In addition, the "Packages," "JavaAdapter," and * "JavaImporter" classes, and the "getClass" function, are not * initialized. * * The result of this function is a scope that may be safely used in a "sandbox" * environment where it is not desirable to give access to Java code from JavaScript. * * Creates instances of the standard objects and their constructors * (Object, String, Number, Date, etc.), setting up 'scope' to act * as a global object as in ECMA 15.1.<p> * * This method must be called to initialize a scope before scripts * can be evaluated in that scope.<p> * * This method does not affect the Context it is called upon. * * @return the initialized scope */ public final ScriptableObject initSafeStandardObjects() { return initSafeStandardObjects(null, false); }
/** * Initialize the standard objects, leaving out those that offer access directly * to Java classes. This sets up "scope" to have access to all the standard * JavaScript classes, but does not create global objects for any top-level * Java packages. In addition, the "Packages," "JavaAdapter," and * "JavaImporter" classes, and the "getClass" function, are not * initialized. * * The result of this function is a scope that may be safely used in a "sandbox" * environment where it is not desirable to give access to Java code from JavaScript. * * Creates instances of the standard objects and their constructors * (Object, String, Number, Date, etc.), setting up 'scope' to act * as a global object as in ECMA 15.1.<p> * * This method must be called to initialize a scope before scripts * can be evaluated in that scope.<p> * * This method does not affect the Context it is called upon. * * @param scope the scope to initialize, or null, in which case a new * object will be created to serve as the scope * @return the initialized scope. The method returns the value of the scope * argument if it is not null or newly allocated scope object which * is an instance {@link ScriptableObject}. */ public final Scriptable initSafeStandardObjects(ScriptableObject scope) { return initSafeStandardObjects(scope, false); }
final Scriptable scope = cx.initSafeStandardObjects(); // that one disables "print, exit, quit", etc. initLibraries(cx, scope); return scope;
final Scriptable scope = cx.initSafeStandardObjects(); // that one disables "print, exit, quit", etc. initLibraries(cx, scope); return scope;