The sandbox is not enforced yet from complexity and performance reasons. However we want to apply sandboxing or an equivalent strategy to limit the capabilities of script expressions. Yet, this is not easy. Sandbox privileges need to be chosen carefully and maintained. And then, some expressions may need to do stronger things than others. E.g. reporting expression should be tightly restricted, while scripting hooks should remain very powerful. This is introducing additional complexity.
This feature is a part of a much bigger feature set. See Expression Profiles: Full Implementation for more details.
Jira server Evolveum Jira serverId 701b45f2-090c-3276-8ac9-f45eedf731bc key MID-5193
- Script Expression
- Expression Profiles
- Expression Profiles: Full Implementation