Java - How do I sandbox ScriptEngineManager?

I can easily execute JavaScript using the built-in ScriptEngineManager. However, it gives full permission to JavaScript, which is a big problem for me.

It allows dangerous commands such as:

javax.swing.JOptionPane.showMessageDialog(null, "Hello, Server!");
java.lang.System.exit(0);

How do I limit the availability of Java functions in the Javascript Engine?

Solution

The sandbox by default blocks access to all Java classes.

NashornSandbox sandbox = NashornSandboxes.create();
sandbox.allow(File.class);  
sandbox.eval("var File = Java.type('java.io.File'); File;")

delight-nashorn-sandbox

NoClassDefFoundError org/apache/poi/ss/usermodel/Workbook
Tinkerpop vertex property single cardinality is not working
What's the difference between ZonedDateTime and OffsetDateTime?
Error: The method add(Shape) in the type ArrayList<Shape> is not applicable for the arguments (Shape.Rectangle)
How do I save ArrayLists with different names in a while loop?
How to parse a BPMN file with Java?
IntelliJ - test configuration. How to configure once run for everyone?
Jasper Reports: JRBeanCollectionDataSource cannot be resolved to a type
What is a "static class" in Java?
Spring's @RequestParam with Enum
Do Java arrays have a maximum size?
How to automatically convert if-else if statement to switch
net.sf.jsqlparser.parser.ParseException: Encountered unexpected token: "@" "@"
Java: Making System.out.println() argument span multiple lines?
Identifier versus keyword
How can I multiply all the digits in an integer (between 000 & 1000 exclusive) without using control statements or loops?
Jackson deserialize generic class with field T as POJO or String array
Role-based authentication not working with Keycloak and Java Spring
Installing two apk using one apk
@KafkaHandler in the consumer doesn't consume the topic message as an object class, only as a string
map vs flatMap in reactor
Request Matcher not working to permit allowed path
Java - Sending an object that points to a BufferedImage through a Socket
does NewDirectByteBuffer create a copy in native code
Excel-like JTable Cell Editor, with an empty cell at edition start
Adding binary numbers
Java Spring API NoClassDefFoundError: javax/persistence/EntityManagerFactory
Leetcode - Find the student that will replace the chalk
UnsatisfiedDependencyException: Error creating bean with name
Is there a way to save multiple config files in a sub-folder of the plugin-folder (Spigot & Maven)