2008/12/17 wmiller <[email protected]>: >> A scheme which just tries to do textual substitution of 'print' in >> code before evaling/compiling it is not a good idea. > > this is the approach. For code between <% %> tags, first replace > 'print' with 'printwrite', then compile, then pass to eval with > 'printwrite' passed to a function to append to output. Would be nice > to replace 'print' opcode after compiling but not sure how that's done > - will have to look into that. What's the issue with substituting > 'print' with another keyword before compiling? Instead of > 'printwrite', another long unlikely-to-be-used keyword could be > substituted if the concern is that 'printwrite' could be used in the > code somewhere for other purposes.
The problem with textual substitution, where you aren't properly parsing code is that you might replace 'print' in a context where it is not as a key word. For example, in text strings. Your substitution thus has to be partly intelligent. >> Which of the above are you trying to use to ensure 'print' goes where you >> want? >> >> As to eval, ultimately somewhere the code has to be compiled and run >> and so you can't avoid evaluating it. The problem is just ensuring >> that text which comes from URL, headers or post content doesn't get >> expanded into code string before being evaluated. > > this where a good example would help. The way the code is compiled > from the server-side source, I'm not clear on how text from URL, > headers or post content could manifest itself in the source code > before compilation. It may well not be an issue, in which case finding an alternative to 'eval' may not be necessary. Still do check out what mod_python PSP does. Even if you don't use its C based lexer stuff, you might learn from how it in the end executes the code it creates. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en -~----------~----~----~----~------~----~------~--~---
