I don't think any type of checking will be safe against a determined attacker. One could conceivably rename objects to contain malicious code, and then use these as an RNA path in an expression.
-m

On Fri, May 23, 2014 at 8:57 AM, Vilem Novak <pildano...@post.cz> wrote:

> thanks for the reactions.
> From the proposed solution I think that most sane solution would be some
> limitation for the one-line expressions, assumably all of those which
> Joshua proposed.
>
> Maybe there is a simple way to put all these limitations into a simple
> string-checking operation, just check if expression does not have:
>
> anything else but driver vars, operators, math functions (this might be the
> complex part, to define what should be included in this.)...
>
> I mean - rather check if there's what is allowed, then you don't have to
> care what all should be forbidden, because that is everything else...
>
> Of course, this can again lead to similar situation - an artist does
> something not allowed, he is again stuck with not knowing what is wrong
> (e.g. on the renderfarm), but I assume it would be much less cases. I
> cannot currently imagine creative cases which would end like this.
>
> Regards
>
> Vilem
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers@blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
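
Added example, not part of the original thread and not Blender's code: a sketch of the "check what is allowed" idea from the quoted message, done on the parsed syntax tree instead of the raw string, returning a reason so the artist can see what was refused. The function list and the variable names are assumptions, and the check covers only the expression text, not the object names and RNA paths the reply is concerned about.

```python
import ast

# Assumption: a small allowlist of math function names, not Blender's real driver namespace.
ALLOWED_FUNCS = {"sin", "cos", "tan", "sqrt", "pow", "abs", "min", "max", "floor", "ceil"}
# Every syntax node type an expression may contain; anything else is refused.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp,
    ast.Call, ast.Name, ast.Load, ast.Constant,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
    ast.UAdd, ast.USub, ast.Not, ast.And, ast.Or,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
)


def check_expression(expr, driver_vars):
    """Return (ok, reason); reason tells the artist which part was refused."""
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as exc:
        return False, "invalid expression: %s" % exc
    call_targets = set()  # ids of Name nodes that are the callee of a Call
    for node in ast.walk(tree):  # breadth-first, so a Call is seen before its callee
        if not isinstance(node, ALLOWED_NODES):
            return False, "disallowed syntax: %s" % type(node).__name__
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            return False, "only numeric constants are allowed"
        if isinstance(node, ast.Call):
            if not (isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCS):
                return False, "call to a function that is not allowlisted"
            call_targets.add(id(node.func))
        elif isinstance(node, ast.Name):
            # A callee must be an allowlisted function; any other name must be a driver variable.
            names = ALLOWED_FUNCS if id(node) in call_targets else driver_vars
            if node.id not in names:
                return False, "unknown name: %s" % node.id
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample expressions; "var" and "offset" are hypothetical driver variables.
    for sample in ("sin(var) * 2 + offset", "var.__class__", "__import__('os')", "var + other"):
        print(sample, "->", check_expression(sample, {"var", "offset"}))
```

Attribute access, subscripts, strings, lambdas and keyword arguments fall outside the allowlist, so they are refused without being named individually.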