> > This technique sounds similar to crafting SQL queries with string > concats. Beware of code injection attacks if you're manipulating the source > code string mySourceCode. You should probably use CodeDOM to manipulate > the source code rather than craft a string. >
The scripts are a public feature of the app, not secured or vetted, so if the desktop users want to put a "del C:\*.*" in the script then they're welcome to try it. If the code was highly structured then I'd use the CodeDOM, but like Reflection Emit it's really hard to code, and you can't just type it into Notepad, which is the convenience I wanted --*Greg*
