Chuck Adams on Fri, 29 Dec 2006 12:14:39 -0700 (MST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [s-d] dice server enhancements, part 2

On 12/29/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> Actually, taint isn't quite the right thing. Your suggestion prompted
> me to look at the Safe module, which is *exactly* what I was looking
> for. I wish I would have know of this a week ago, before I spent
> the intervening time writing a C-fragment interpreter. *sigh*

Yah you probably ultimately want safe if you're just going to eval the
expression instead of parse it ... I forgot that eval is itself a
taint-unsafe operation and doesn't just inherit the taint flag ...
which makes sense when you consider that someone could make their eval
untaint their own input :(

I still think you'll get cleaner syntax for your expression language
from a non-perl language, especially if you want to start dealing with
more complex data (looking beyond dice rolling I guess).  Whether you
parse it in perl with Parse::RecDescent or Yapps or whatever, or use
another language altogether, I suppose depends on how much of CPAN you
want to have available and how much you just want an infix expression

(me, I'd just write and embed a small forth interpreter)
spoon-discuss mailing list