MOO-cows Mailing List Archive
[Prev][Next][Index][Thread]
Re: eval / toliteral safety question
On Tue, 11 Jun 1996, Seth I. Rich wrote:
> Chuck Adams responds to me:
>
> >> Is there EVER a circumstace where
> >> eval("return " + toliteral(x) + ";")[2]
> >> would not equal x? Can anyone think of a situation in which this would
> >> represent an unsafe operation? I've been trying to think of a value for
> >> x for which this expression could have side effects, but I haven't come
> >> up with anything yet, and I suspect I won't.
>
> >I can't think of anything, but why do you want an identity function?
>
> Well, I don't want an identity function really. I want a verb of the form:
>
> {start} = args; /* start = args[1] */
> start = toliteral(start); /* turn start into a string */
> [...] /* do things to start which I can */
> /* guarantee to be safe */
> return eval("return " + start + ";")[2];
>
> For example, say you want to change "Xythian" to "HunkaHunkaBurningLove" within
> a string or a list of strings, or basically anywhere it exists within a
> variable. I could do some awkward recursive thing, or just:
> return eval("return " + strsub(toliteral(args[1]),
> "Xythian", "HunkaHunkaBurningLove", 1) + ";")[2];
>
As far as I can tell, that should work fine. But if Xythian and
HunkaHunkaBurningLove aren't going to be hard coded into the verb you should
probably run them through toliteral() too. For example:
{start, search, replace} = args;
return eval(tostr("return ", strsub(toliteral(start), toliteral(search),
toliteral(replace)), ";"))[2];
--Dark_Owl
References:
Home |
Subject Index |
Thread Index