| Chuck Adams on Fri, 29 Dec 2006 12:14:39 -0700 (MST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [s-d] dice server enhancements, part 2 |
On 12/29/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote: > Actually, taint isn't quite the right thing. Your suggestion prompted > me to look at the Safe module, which is *exactly* what I was looking > for. I wish I would have know of this a week ago, before I spent > the intervening time writing a C-fragment interpreter. *sigh* Yah you probably ultimately want safe if you're just going to eval the expression instead of parse it ... I forgot that eval is itself a taint-unsafe operation and doesn't just inherit the taint flag ... which makes sense when you consider that someone could make their eval untaint their own input :( I still think you'll get cleaner syntax for your expression language from a non-perl language, especially if you want to start dealing with more complex data (looking beyond dice rolling I guess). Whether you parse it in perl with Parse::RecDescent or Yapps or whatever, or use another language altogether, I suppose depends on how much of CPAN you want to have available and how much you just want an infix expression language. //s (me, I'd just write and embed a small forth interpreter) _______________________________________________ spoon-discuss mailing list spoon-discuss@xxxxxxxxx http://lists.ellipsis.cx/mailman/listinfo/spoon-discuss