Thread safety and event loops

[AsyncProxy]

I need to file a dangerous problem, at the same time that the JVM is open to JS, there are some APIs that can break the JS event loop, java.lang.Thread, if I start a Java thread in the engine, the JS engine terminates, but the thread will still run, if it is injected with malicious code, the consequences are unimaginable, is there a way to force termination.

[AsyncProxy]

new java.lang.Thread(() -> {
while(true){
console.log(1)
}
}).start()
Java threads started in JS cannot be terminated, and such threads will also break the event loop, causing servers such as http to directly throw stack errors during callbacks.

[caoccao]

Don't do that. You can have Java run rm -rf / as well. It's not the SDK's problem.

[AsyncProxy]

别这样。您也可以运行 Java。这不是 SDK 的问题。rm -rf /

I wonder if java.lang.Thread is started in JS, how does it work, is it a new scheduler thread? It's very uncomfortable to break the event loop like this, it's easy to be maliciously injected into such code and the execution of the code can't be terminated, I wonder how the started thread is running in V8, can it be detected and forcibly interrupted?

[AsyncProxy]

别这样。您也可以运行 Java。这不是 SDK 的问题。rm -rf /

In a pure environment, you can use System.exit to force quit, but android can't, once you quit, the whole app is closed.