Re: string_exec()
- Posted by katsmeow Mar 01, 2015
- 2252 views
Unless we're talking about this as something sandboxed away from the current program. I don't think that's what Kat wants, since I believe she wants to interact with the data and code of the program that's executing the dynamic code.
Yes, I'm suggesting that we sandbox the code. That's what the context is.
If Kat is looking for a use case where she can call code dynamically, there are other ways this could approached. But this wouldn't work well for that.
- David
There is no point in executing a string outside the context of exactly where it was called in the code. To place the string outside the context of where the eval() was called, is to simply run another program. We can do that now. So sandboxing eval() does me no good. I can run other OE programs already.
Security is not an issue, i can run the application with an airgap between the computers and the internet. I can filter what goes into the string. I can filter what is in the string before it is eval()'d.
Some of you are standing against what i ask for because it is not good for you. Then don't use it, just like you don't use more than 50% of what is already in OE. You can always disable it, compile without it, or override it.
Here's a thought: i wrote Tiggr many years ago, the syntax parser was working ~1993. Tiggr uses string execution. One week, maybe 10 years ago, i downloaded the entire RDS archive, unzipped every file, multiply indexed every file, munged every index, plugged the results into Tiggr for intelligent searching. Guess why that feature is not on the OE website? Because Tiggr uses string execution, and access to the var table, which means she isn't written in OE, and that is unacceptable.
useless
