On Sun, Oct 14, 2012 at 11:28 AM, Mean L. <[email protected]> wrote:
> def context_binding
> @context.instance_eval {binding}
> end
>
> def eval(str)
> ->{$SAFE = 4; context_binding.eval(str)}.()
> end
>
> the binding context is unsafe since it's constructed in the sandbox
What exactly do you mean by "safe" here? Can you be more specific
what you mean by "safety" here and what you are trying to accomplish?
> but since it appears to not close over anything other than self
> (@context) which is safe, is it then effectively safe?
The safety of the whole thing depends on str's tainted status it
seems. Also, since you are not executing the code in its own thread
you create a side effect with your change of $SAFE. The usual
solution to this is to use $SAFE in another thread. You could do
def e(str)
Thread.new do
$SAFE = 4
context_binding.eval(str)
end.value
end
This wastes a single thread but doesn't actually execute in parallel
because via Thread#value the caller thread blocks until the other
thread has finished. And you do not change the $SAFE status of the
caller which IMHO is a bad side effect to have.
Kind regards
robert
--
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/
-- You received this message because you are subscribed to the Google Groups
ruby-talk-google group. To post to this group, send email to
[email protected]. To unsubscribe from this group, send email
to [email protected]. For more options, visit this
group at https://groups.google.com/d/forum/ruby-talk-google?hl=en
