develooper Front page | perl.perl6.users | Postings from June 2018

Re: RFE: eval documentation

Thread Previous | Thread Next
From:
Brandon Allbery
Date:
June 14, 2018 17:45
Subject:
Re: RFE: eval documentation
Message ID:
CAKFCL4WqYs6=GRfRzv1w0aWu2uDG9ig7ONWECq9uf+mb=QFgpA@mail.gmail.com
I think the message is obscure for a reason: the last thing you want is for
someone to make an insecure module look "safe" by just dropping that pragma
into it. You want to make them think about what they are doing.

On Thu, Jun 14, 2018 at 1:32 PM ToddAndMargo <ToddAndMargo@zoho.com> wrote:

> Dear Perl6 Developers,
>
> https://docs.perl6.org/language/5to6-perlfunc#eval
>
> Would you please consider adding
>
>       ::('&' ~ $RunSpecific)()
>       &::($RunSpecific)()
>
> to the documentation, as well as an explanation of
> the error message when using EVAL
>
> ===SORRY!=== Error while compiling /home/linuxutil/GetUpdates.pl6
> EVAL is a very dangerous function!!! (use the MONKEY-SEE-NO-EVAL pragma
> to override this error,
> but only if you're VERY sure your data contains no injection attacks)
> at /home/linuxutil/GetUpdates.pl6:6016
> ------> else { EVAL "$RunSpecific"⏏; }
>
> Be sure to turn the "use the MONKEY-SEE-NO-EVAL pragma" phrase into
> `use MONKEY-SEE-NO-EVAL;` as the sentence is to obscure otherwise.
>
>
> Many thanks,
> -T
>


-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b@gmail.com                                  ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About