diff --git a/main/plugins/org.talend.librariesmanager/resources/java/routines/system/JSONObject.java b/main/plugins/org.talend.librariesmanager/resources/java/routines/system/JSONObject.java
index 5df4221aeb..218fb42df4 100644
--- a/main/plugins/org.talend.librariesmanager/resources/java/routines/system/JSONObject.java
+++ b/main/plugins/org.talend.librariesmanager/resources/java/routines/system/JSONObject.java
@@ -243,10 +243,37 @@ public class JSONObject {
 *
 * @param bean An object that has getter methods that should be used to make a JSONObject.
 */
+ @Deprecated
 public JSONObject(Object bean) {
 this();
 populateMap(bean);
 }
+
+ /**
+ * Construct a JSONObject from an Object using bean getters. It reflects on all of the public methods of the object.
+ * For each of the methods with no parameters and a name starting with "get" or "is"
+ * followed by an uppercase letter, the method is invoked, and a key and the value returned from the getter method
+ * are put into the new JSONObject.
+ *
+ * The key is formed by removing the "get" or "is" prefix. If the second remaining
+ * character is not upper case, then the first character is converted to lower case.
+ *
+ * For example, if an object has a method named "getName", and if the result of calling
+ * object.getName() is "Larry Fine", then the JSONObject will contain
+ * "name": "Larry Fine".
+ *
+ * @param bean An object that has getter methods that should be used to make a JSONObject.
+ * @param expectedClass Bean must be the instance of this class, for safe to avoid evil script inject
+ */
+ public JSONObject(Object bean, Class expectedClass) {
+ this();
+
+ if(bean.getClass() != expectedClass) {
+ throw new JSONException("expectedClass doesn't match the bean or is null");
+ }
+
+ populateMap(bean);
+ }
 /**
 * Construct a JSONObject from an Object, using reflection to find the public members. The resulting JSONObject's 
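Review bot: `if(bean.getClass() != expectedClass)` in the new constructor dereferences `bean` before anything is checked, so a null bean fails with a NullPointerException while the JSONException message claims to cover the "is null" case; guard both arguments first, `if (bean == null || expectedClass == null || bean.getClass() != expectedClass) {`, and declare the outcome in the Javadoc with `@throws JSONException if bean is null or its runtime class is not exactly expectedClass`. The identity comparison is the right shape for an allowlist — a subclass of the expected bean is rejected, which `Class.isInstance` would not do — and that deserves a comment so it is not "relaxed" later: `// exact class match on purpose: isInstance would let a subclass of the expected bean through`. The parameter should be `Class<?> expectedClass` rather than the raw type. Note that the single-argument constructor is only deprecated, not removed, so any caller that still uses it bypasses this check entirely; the hunk's last context line appears cut off at the end of the page.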
diff --git a/main/plugins/org.talend.librariesmanager/resources/java/routines/system/ResumeUtil.java b/main/plugins/org.talend.librariesmanager/resources/java/routines/system/ResumeUtil.java
index cbf032486b..959e6ffcae 100644
--- a/main/plugins/org.talend.librariesmanager/resources/java/routines/system/ResumeUtil.java
+++ b/main/plugins/org.talend.librariesmanager/resources/java/routines/system/ResumeUtil.java
@@ -359,13 +359,12 @@ public class ResumeUtil {
 String str = out.toString();
 return str;
 }
-
- // to support encrypt the password in the resume
- public static String convertToJsonText(Object context, List parametersToEncrypt) {
+
+ public static String convertToJsonText(Object context, Class expectedClass, List parametersToEncrypt) {
 String jsonText = "";
 try {
 JSONObject firstNode = new JSONObject();
- JSONObject secondNode = new JSONObject(context);
+ JSONObject secondNode = new JSONObject(context, expectedClass);
 if (parametersToEncrypt != null) {
 for (String parameterToEncrypt : parametersToEncrypt) {
 if (secondNode.isNull(parameterToEncrypt)) {
@@ -385,9 +384,15 @@ public class ResumeUtil {
 return jsonText;
 }
+ // to support encrypt the password in the resume
+ @Deprecated
+ public static String convertToJsonText(Object context, List parametersToEncrypt) {
+ return convertToJsonText(context, context == null ? null : context.getClass(), parametersToEncrypt);
+ }
+
 // Util: convert the context variable to json style text.
 // feature:11296
- // @Deprecated
+ @Deprecated
 public static String convertToJsonText(Object context) {
 return convertToJsonText(context, null);
 }
diff --git a/test/plugins/org.talend.librariesmanager.test/src/routines/system/JSONObjectTest.java b/test/plugins/org.talend.librariesmanager.test/src/routines/system/JSONObjectTest.java
index 4fe5235896..bf3d732397 100644
--- a/test/plugins/org.talend.librariesmanager.test/src/routines/system/JSONObjectTest.java
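Review bot: The new public overload `convertToJsonText(Object context, Class expectedClass, List parametersToEncrypt)` has no documentation at all — the one comment the old overload had was moved away with it — so the meaning of `expectedClass` is not stated where callers now arrive. A Javadoc along the lines of `@param expectedClass exact runtime class the context object must have; a different class, including a subclass, makes the JSONObject constructor throw JSONException` would make the contract visible; what happens to that exception depends on the `catch` that lies outside this hunk, so it is worth saying in the doc whether the caller sees an exception or an empty string. The raw `Class` and `List` parameters should be `Class<?>` and `List<String>`, given that the loop already binds `String parameterToEncrypt`. The body of convertToJsonText continues beyond the hunk.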
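Review bot: The deprecated two-argument shim derives `expectedClass` from `context.getClass()`, so the class check in `JSONObject(Object, Class)` is satisfied by whatever object is passed in and existing callers of this signature gain none of the protection the new overload introduces. That should be stated explicitly next to the annotation so nobody reads the delegation as "now checked", e.g. `// no type check is performed here: expectedClass is taken from the argument itself; pass the expected class explicitly via the three-argument overload`, and the `@Deprecated` annotation should be paired with a Javadoc `@deprecated` tag naming that replacement. The one-argument overload below still calls `convertToJsonText(context, null)`, which resolves to this shim and therefore inherits the same no-op check.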
+++ b/test/plugins/org.talend.librariesmanager.test/src/routines/system/JSONObjectTest.java
@@ -24,10 +24,23 @@ public class JSONObjectTest extends TestCase {
 }
 }
+ public class EvilBean {
+ public int id;
+
+ public int getId() {
+ //do something evil
+ return this.id;
+ }
+
+ public EvilBean(int id) {
+ this.id = id;
+ }
+ }
+
 @Test
 public void test() throws JSONException {
 Bean bean = new Bean(1,"wangwei");
- JSONObject object = new JSONObject(bean);
+ JSONObject object = new JSONObject(bean, Bean.class);
 assertEquals(false, object.isNull("id"));
 assertEquals(1, object.get("id"));
@@ -36,4 +49,15 @@ public class JSONObjectTest extends TestCase {
 assertEquals(false, object.isNull("Name"));
 assertEquals("wangwei", object.get("Name"));
 }
+
+ @Test
+ public void testScriptInject() {
+ EvilBean evil = new EvilBean(1);
+ try {
+ new JSONObject(evil, Bean.class);
+ fail();
+ } catch(JSONException e) {
+ }
+ }
+
 }
\ No newline at end of file
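Review bot: `EvilBean` is declared as a non-static inner class although nothing in it touches the enclosing test instance; `public static class EvilBean {` avoids the hidden outer reference and lets the fixture be constructed from a static context. The `//do something evil` comment does not say what the fixture stands for; `// stand-in for an object of an unexpected class whose getter would run if the class check were missing` documents why the class exists.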
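Review bot: `testScriptInject` only checks that an unrelated class is rejected, so the property the constructor actually enforces — an exact class match — is not pinned and a later switch to `Class.isInstance` would still pass this test. If `Bean` is not final, a second case such as `new JSONObject(new Bean(1, "x") {}, Bean.class)` expecting JSONException would cover that, and a `null` bean and a `null` expectedClass are worth a case each since the exception message mentions the null case. The `catch(JSONException e) {}` block is empty; asserting on the exception, even just `assertNotNull(e.getMessage())`, makes the intent explicit rather than silently passing.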