diff --git a/app/src/androidTest/java/io/legado/app/AndroidJsTest.kt b/app/src/androidTest/java/io/legado/app/AndroidJsTest.kt index dfff5b529..78f60e93d 100644 --- a/app/src/androidTest/java/io/legado/app/AndroidJsTest.kt +++ b/app/src/androidTest/java/io/legado/app/AndroidJsTest.kt @@ -43,9 +43,12 @@ class AndroidJsTest { returnData.getErrorMsg() """.trimIndent() val result1 = RhinoScriptEngine.eval(js1) - Assert.assertEquals(result1, "未知错误,请联系开发者!").let { - - } + Assert.assertEquals(result1, "未知错误,请联系开发者!") + @Language("js") + val js2 = """ + let x = java.lang.Class.forName('android.app.ActivityThread') + """.trimIndent() + RhinoScriptEngine.eval(js2) } @Test diff --git a/app/src/main/assets/updateLog.md b/app/src/main/assets/updateLog.md index 34047bdbe..1ba82d5dc 100644 --- a/app/src/main/assets/updateLog.md +++ b/app/src/main/assets/updateLog.md @@ -12,12 +12,13 @@ * 正文出现缺字漏字、内容缺失、排版错乱等情况,有可能是净化规则或简繁转换出现问题。 * 漫画源看书显示乱码,**阅读与其他软件的源并不通用**,请导入阅读的支持的漫画源! -**2023/06/11** -* 更新cronet: 114.0.5735.60 +**2023/06/14** +* 更新cronet: 114.0.5735.60 * 修复长按菜单全文搜索结果不全或无结果问题 * 优化全文搜索速度 * 修复正文页数太多时并行获取问题 +* 禁用js调用一些类防止一些恶意书源 * 其它一些优化 * 其中一些更新由 Xwite, Horis 提供 diff --git a/modules/rhino1.7.3/src/main/java/com/script/rhino/RhinoClassShutter.kt b/modules/rhino1.7.3/src/main/java/com/script/rhino/RhinoClassShutter.kt index 330b7d391..657d18f87 100644 --- a/modules/rhino1.7.3/src/main/java/com/script/rhino/RhinoClassShutter.kt +++ b/modules/rhino1.7.3/src/main/java/com/script/rhino/RhinoClassShutter.kt @@ -38,9 +38,16 @@ object RhinoClassShutter : ClassShutter { private val protectedClasses by lazy { val protectedClasses = HashMap() - protectedClasses["java.lang.Runtime"] = java.lang.Boolean.TRUE - protectedClasses["java.io.File"] = java.lang.Boolean.TRUE - protectedClasses["java.security.AccessController"] = java.lang.Boolean.TRUE + protectedClasses["java.lang.Class"] = true + protectedClasses["java.lang.Runtime"] = true + protectedClasses["java.io.File"] = true + protectedClasses["java.security.AccessController"] = true + protectedClasses["java.nio.file.Paths"] = true + protectedClasses["java.nio.file.Files"] = true + protectedClasses["io.legado.app.data.AppDatabaseKt"] = true + protectedClasses["android.content.Intent"] = true + protectedClasses["androidx.core.content.FileProvider"] = true + protectedClasses["android.provider.Settings"] = true protectedClasses } diff --git a/modules/rhino1.7.4/src/main/java/com/script/rhino/RhinoClassShutter.kt b/modules/rhino1.7.4/src/main/java/com/script/rhino/RhinoClassShutter.kt index 726963b8e..af4800d07 100644 --- a/modules/rhino1.7.4/src/main/java/com/script/rhino/RhinoClassShutter.kt +++ b/modules/rhino1.7.4/src/main/java/com/script/rhino/RhinoClassShutter.kt @@ -38,9 +38,16 @@ object RhinoClassShutter : ClassShutter { private val protectedClasses by lazy { val protectedClasses = HashMap() - protectedClasses["java.lang.Runtime"] = java.lang.Boolean.TRUE - protectedClasses["java.io.File"] = java.lang.Boolean.TRUE - protectedClasses["java.security.AccessController"] = java.lang.Boolean.TRUE + protectedClasses["java.lang.Class"] = true + protectedClasses["java.lang.Runtime"] = true + protectedClasses["java.io.File"] = true + protectedClasses["java.security.AccessController"] = true + protectedClasses["java.nio.file.Paths"] = true + protectedClasses["java.nio.file.Files"] = true + protectedClasses["io.legado.app.data.AppDatabaseKt"] = true + protectedClasses["android.content.Intent"] = true + protectedClasses["androidx.core.content.FileProvider"] = true + protectedClasses["android.provider.Settings"] = true protectedClasses }