Security

NovoScript does its best to protect you against malicious code, including using a sandbox and restricting I/O operations.

Allowed Java.type() classes

NovoScript allows you to reference specific Java classes, to make the API easier-to-use and reduce clutter by using already existing implementations. Here's the list of reference-able classes:

  1. All classes in package java.time.

  2. All classes in package java.net.http.

  3. All classes in package java.nio.

  4. java.util.UUID

  5. All classes in package org.lwjgl.input.

  6. All classes in package org.lwjgl.opengl.

  7. io.netty.buffer.Unpooled

  8. java.util.concurrent.ThreadLocalRandom

  9. java.lang.Float

Java API restrictions

You are not allowed to (attempting to execute these will result in a SecurityException):

  1. Execute any applications

  2. Read/write/delete arbitrary files

  3. Reference symbolic links

  4. Use Java Reflection/MethodHandles

You are allowed to:

  1. Read/write/delete to the Client folder (directories.root), except alts.novo and proxies.novo

PreviousCastsNextGlobals

Last updated