Allow hiding Java exception implementation details from catch block #964
Conversation
|
I think the feature flag is a good approach for this. I run Rhino in an environment where users are aware they are running on Java, and frequently utilize Java libraries in their scripts, so I would not want to lose the current behavior, as it helps with troubleshooting. |
|
Yes, definitely the feature flag approach is good. There are plenty of
cases in which Java code is embedded in Rhino and executed in turn by more
Java code that needs to see the original exception.
…On Tue, Jun 29, 2021 at 1:26 AM tonygermano ***@***.***> wrote:
I think the feature flag is a good approach for this. I run Rhino in an
environment where users are aware they are running on Java, and frequently
utilize Java libraries in their scripts, so I would not want to lose the
current behavior, as it helps with troubleshooting.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#964 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAD7I25ME5SVLRC746EWE53TVF7U5ANCNFSM47O6R7LQ>
.
|
|
Sounds good to me. This PR currently names the feature flag |
|
Wondering if you are also already disabling stuff like:
Just wondering if this calls for yet another, quite specific flag or if there's some other way we can be clever about this. For example only include the Java Exception details if the above stuff is also initiated |
|
Good idea. We're already using Context.setClassShutter to hide all Java classes: so we could use ScriptRuntime.isVisible without adding a new ContextFactory flag: Thoughts? |
|
If you're not exposing any classes (visibleToScripts always returning false), how are you initializing your standard objects? Because if you go through ScriptRuntime.initSafeStandardObjects (and never through ScriptRuntime.initStandardObjects), isn't the ability to access Java Classes disabled completely (without having to implement the classShutter)? My idea was to only enable the Java Exception details inside JavaScript when the init was done through ScriptRuntime.initStandardObjects, which enables Java class access, so it would make sense to then also have access to the Java Exception details Not sure if this would work for you and what others think about this approach |
|
This seems like a pretty handy feature to me and looks good. But I'll see if others have opinions on the alternative approach that's being suggested for a day or so. |
We use initSafeStandardObjects, but the ClassShutter is still used in ScriptRuntime.newCatchScope to avoid making the Rhino-specific properties |
|
This looks good to me. If no one else has any objections I'll merge it soon. |
As discussed in #911, currently, if a script catches an error that originated from a native Java Exception, Rhino exposes an error object to the catch block with a message like "JavaException: java.lang.RuntimeException: exception message".
However, users running JavaScript code via systems using Rhino do not necessarily know that their JavaScript code is being executed with Rhino/Java, so it's confusing that some error messages are prefixed by "JavaException: (Java class name):". I'd like some way to avoid exposing these implementation details to the user, but it currently doesn't seem possible to override this behavior, which is implemented in the static function
ScriptRuntime.newCatchScope.This PR implements one possible way to override this behavior, by adding a feature flag to the ContextFactory. If the feature flag
Context.FEATURE_HIDE_WRAPPED_EXCEPTIONSis set, the error message will hide the Java implementation details, and the exception message would look like "InternalError: exception message".Possible alternative approaches:
Closes #911