I am writing an application which allow users of my application to extend it using Clojure. The Clojure is entered via a web page in the application and "evaled" to run. My question is how can I sandbox this code entered by the users so that it does not corrupt anything or call System.exit or anything like that?
You should be able to constrain access to code by configuring JDK level permissions. Have a look at the RuntimePermission settings, there's for example a direct setting to inhibit halting the JVM (e.g. System.exit
).