Message12944
If I perform the module creation (on engine creation) unconditionally, I get a behaviour quite similar to Python script execution from the command-line and standard eval in the REPL:
>>> from javax.script import *
>>> engine = ScriptEngineManager().getEngineByName("python")
>>> c = SimpleScriptContext()
>>> engine.eval("print globals().keys()")
['__builtins__', '__doc__', '__name__', '__package__']
>>> engine.eval("print __name__")
__main__
So __name__ == "__main__" and a module with the engine's name space is added to sys.modules.
This does not otherwise interfere with the thread-bound globals/locals, so although I don't understand the use case for it, I feel this can't have broken it.
I *do* understand the use case for swapping the name space, when a Bindings object (or a ScriptContext) is given explicitly. These behave (as before) parallel with exec/eval when explicitly given a dictionary:
>>> engine.eval("print globals().keys()", c)
['__builtins__']
>>> engine.eval("print __name__", c)
__builtin__
The isolation of name spaces supports re-use of the engine, but there is no security value in it. With an explicit Bindings or ScriptContext, the namespace of the engine is reachable via sys.modules:
>>> engine.eval("import sys; print sys.modules['__main__'].__dict__.keys()", c)
['__builtins__', '__doc__', '__name__', '__package__']
Now in the code base at https://hg.python.org/jython/rev/58d45a33c32f . |
|
Date |
User |
Action |
Args |
2020-01-30 08:16:47 | jeff.allen | set | messageid: <1580372207.03.0.446675654174.issue2846@roundup.psfhosted.org> |
2020-01-30 08:16:47 | jeff.allen | set | recipients:
+ jeff.allen, zyasoft, alexgobbo |
2020-01-30 08:16:46 | jeff.allen | link | issue2846 messages |
2020-01-30 08:16:45 | jeff.allen | create | |
|