Interrest in a version based on standalone Nashorn?
obourgain opened this issue · 4 comments
Nashorn has been removed from JDK 15 and some people took the maintainance burden https://github.com/openjdk/nashorn.
This version has few changes, the most noticeable one being the change in package name.
Would there be interrest in using this version of Nashorn instead of the JDK one? I can provided a PR in such case.
@obourgain Thank you for raising this issue.
Sounds like a good idea. Would there be any issues for those using older version of Java?
It seems that standalone nashorn is compiled to Java 11, so it won't run on older versions.
I think we can detect at runtime whether JDK Nashorn or standalone Nashorn is present.
Then the code needs to handle both cases, but that seems doable.
In src/main/java there are only 3 occurences of import jdk.nashorn:
1- JsSanitizer to handle ScriptObjectMirror, we can make the code a bit smarter and handle both jdk.nashorn.api.scripting.ScriptObjectMirror and org.openjdk.nashorn.api.scripting.ScriptObjectMirror. As each class may not be present at runtime we need a guard before the instanceof.
2- in NashornSandboxImpl to instantiate the NashornScriptEngineFactory, and again we can detect which one is present at runtime just at instantiation time, then use it though the interface ScriptEngine
3- in SandboxClassFilter which implements an interface from Nashorn ClassFilter and then in NashornSandboxImpl. Here we could make SandboxClassFilter not implement ClassFilter directly, but instead have two subclasses that implements jdk.nashorn.api.scripting.ClassFilter and org.openjdk.nashorn.api.scripting.ClassFilter.
There are other occurences in tests, one for a cast to ScriptObjectMirror and one for a new new NashornScriptEngineFactory() so thats similar to uses in production code.
I started to work on this here #111
Merged the PR to Master, and released as 0.2.0 - thanks heaps for the work 🙌!
I migrated build to GitHub actions and it builds fine on 11+. I did some initial investigation and checking the compiled JAR for other version, but couldn't yet find of a good/easy way to do this: https://github.com/javadelight/delight-nashorn-sandbox/blob/master/.github/workflows/build.yml#L45
I guess also good to see if this would cause any problems out in the wild, thus added a few comments to the README (https://github.com/javadelight/delight-nashorn-sandbox#maven) and upped the minor version number.
Closing this issue as changes have been merged.