Add CLR Objects with CRL Disabled in Jint

Jun 27, 2012 at 11:56 PM
Edited Jun 28, 2012 at 12:07 AM

 

Hi there, at the moment i am doing this:

 

   public class test
    {
        public test()
        {

        }
        public static string test()
        {
            return "success";
        }
    }
 ...
  engine.SetParameter("testl", new test());

But for security reasons, i need the CLR to be turned off in Jintengine, how can i add my CLR Objects to the engine anyway?

Edit:

The reason i am asking this is because my application is ran with Mono (monoproject) on Linux,  and Mono currently doesn't support the JintEngine.AddPermission function.

That is a huge problem for my application, since users could simply remove any file they have access to on the server.

My current implementation to limit users to use the System namespace is to not execute scripts if they contain "system"-string. But that could propably be evaded somehow, perhaps by using eval and string.fromcharcode.