In those hills yonder in the lands of Common Lisp, it's usually considered good practice to blast the entire read table save for what you need when you deal with untrusted data. Barring that, a better option might be a more modular reader: read-number, read-symbol, etc.
-Per On Fri, Mar 26, 2010 at 9:01 AM, Richard Newman <holyg...@gmail.com> wrote: >> Of course, it might also pose a bit of a security threat: >> >> user> (read-string "#=(println \"I OWN YOU NOW!\")") >> I OWN YOU NOW! >> nil >> >> :) > > user=> (binding [*read-eval* false] > (read-string "#=(println \"I OWN YOU NOW!\")")) > java.lang.RuntimeException: java.lang.Exception: EvalReader not allowed when > *read-eval* is false. (NO_SOURCE_FILE:0) > > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with your > first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > > To unsubscribe from this group, send email to > clojure+unsubscribegooglegroups.com or reply to this email with the words > "REMOVE ME" as the subject. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en To unsubscribe from this group, send email to clojure+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
