猿问

我可以在java中使用来自服务器回调的javascript函数吗?

我正在制作一些关于不使用浏览器服务的 Java 项目。

所以,我想使用来自服务器的一些 JavaScript 函数(这是我的 POST 的回调)

我看到很多关于在 Java 中使用 JavaScript 的代码,但它来自本地文件。

我想一个解决方案:

当回调即将到来时,保存此代码并再次使用它。但我认为这对我们的项目来说不是最佳的。

你能给我任何其他解决方案吗?

先感谢您。


白衣非少年
浏览 153回答 2
2回答

交互式爱情

是的,你可以,正如@Daniel Baranowski 上面建议的那样。不,你绝对不应该。运行客户提交的任何代码都会使您面临极大的风险。它可以访问您的文件系统吗?那你就麻烦了。它可以执行网络调用吗?那你也有麻烦了。即使您阻止了这些选项,您是否检查此用户代码是否及时终止?

江户川乱折腾

这当然是可能的,但它会使您面临巨大的安全风险。没有什么能阻止您直接从 String 运行 JavaScript 代码。将其保存在文件中不是必需的。您可以获取发送到您的服务器的 POST 的正文,并像这样执行它:&nbsp;package example;&nbsp; &nbsp; &nbsp; &nbsp; import jdk.nashorn.api.scripting.JSObject;&nbsp; &nbsp; &nbsp; &nbsp; import jdk.nashorn.api.scripting.NashornScriptEngine;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; import javax.script.ScriptEngineManager;&nbsp; &nbsp; &nbsp; &nbsp; import javax.script.ScriptException;&nbsp; &nbsp; &nbsp; &nbsp; public class Example {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; private final ThreadLocal<NashornScriptEngine> engineHolder;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; public Example() {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // You don't need to run code from files. The code can be a string which was posted to your server.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; String jsCodeToRun = "function helloWorld(name) { return { value: 'Hello' + name } }"&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; this.engineHolder = ThreadLocal.withInitial(() -> {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; NashornScriptEngine nashornScriptEngine = (NashornScriptEngine) new ScriptEngineManager().getEngineByName("nashorn");&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; try {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nashornScriptEngine.eval(jsCodeToRun);&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; } catch (ScriptException e) {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; throw new RuntimeException(e);&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return nashornScriptEngine;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; });&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;public JSObject runTheCode(String name) {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; try {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; JSObject result = (JSObject) engineHolder.get().invokeFunction("helloWorld", name);&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // The result will be an object returned by our helloWorld function.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return result;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; } catch (Exception e) {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; throw new IllegalStateException(e);&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; }
随时随地看视频慕课网APP

相关分类

Java
我要回答