We can list stuff we want to forbid:
- Executing System.exit(). Actually, best might be to forbid calling all System methods.
- No file access
- Don't create Threads
- Forbid calling non-JDK libs, including XWiki libs.
But I think it's much better to list things we want to allow (whitelist) since it's safer:
- XWiki APIs:
  - com.xpn.xwiki.api package
  - Script Services are bound in the context so no need to have any rule on that
And then slowly add more safe stuff when the use cases are found. I'm going to start with this.
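
A minimal sketch of the default-deny check described above, added here as an illustration and not part of the original note or of XWiki's code. The class `ScriptClassAllowlist` and the method `isAllowed` are hypothetical names, and the list of requested class names is constructed sample input.

```java
import java.util.List;
import java.util.Set;

/** Hypothetical default-deny check; names are illustrative, not XWiki APIs. */
public class ScriptClassAllowlist {
    // Packages a script may reference: only the entry from the list above.
    // New entries are added one by one as safe use cases are found.
    private static final Set<String> ALLOWED_PACKAGES = Set.of("com.xpn.xwiki.api");

    /** Returns true only if the class sits directly in an allowed package. */
    static boolean isAllowed(String className) {
        int lastDot = className.lastIndexOf('.');
        if (lastDot <= 0) {
            return false; // default package or malformed name: deny
        }
        // Exact package match rather than startsWith(), so that
        // "com.xpn.xwiki.apiextra.Foo" and sub-packages of an allowed
        // package are not accepted by accident.
        return ALLOWED_PACKAGES.contains(className.substring(0, lastDot));
    }

    public static void main(String[] args) {
        // Constructed sample of class names a script might try to resolve.
        List<String> requested = List.of(
            "com.xpn.xwiki.api.Document",       // allowed package
            "java.lang.System",                 // System.exit() and friends
            "java.io.File",                     // file access
            "java.lang.Thread",                 // thread creation
            "com.xpn.xwiki.XWiki",              // XWiki lib outside the api package
            "com.xpn.xwiki.apiextra.Foo",       // constructed look-alike package
            "org.apache.commons.io.FileUtils"); // non-JDK lib
        for (String name : requested) {
            System.out.printf("%-35s %s%n", name, isAllowed(name) ? "ALLOW" : "DENY");
        }
    }
}
```

Only the first name is allowed. Everything on the forbid list is denied without being named, which is the property that makes the allow list safer to maintain.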