MOO-cows Mailing List Archive


Re: eval / toliteral safety question

Chuck Adams responds to me:

>> Is there EVER a circumstace where
>>   eval("return " + toliteral(x) + ";")[2]
>> would not equal x?  Can anyone think of a situation in which this would
>> represent an unsafe operation?  I've been trying to think of a value for
>> x for which this expression could have side effects, but I haven't come
>> up with anything yet, and I suspect I won't.

>I can't think of anything, but why do you want an identity function?

Well, I don't want an identity function really.  I want a verb of the form:

  {start} = args;                 /* start = args[1] */
  start = toliteral(start);       /* turn start into a string */
  [...]                           /* do things to start which I can */
                                  /*   guarantee to be safe */
  return eval("return " + start + ";")[2];

For example, say you want to change "Xythian" to "HunkaHunkaBurningLove" within
a string or a list of strings, or basically anywhere it exists within a
variable.  I could do some awkward recursive thing, or just:
  return eval("return " + strsub(toliteral(args[1]),
    "Xythian", "HunkaHunkaBurningLove", 1) + ";")[2];

Seth / Blackbriar
Seth I. Rich -
                                 There is nothing more precious than
Rabbits on walls, no problem.    a tear of true repentance.


Home | Subject Index | Thread Index