Joel Uckelman on Fri, 29 Dec 2006 13:29:53 -0700 (MST)

Re: [s-d] dice server enhancements, part 2

Thus spake "Chuck Adams":
> On 12/29/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> > Actually, taint isn't quite the right thing. Your suggestion prompted
> > me to look at the Safe module, which is *exactly* what I was looking
> > for. I wish I would have known of this a week ago, before I spent
> > the intervening time writing a C-fragment interpreter. *sigh*
> Yah you probably ultimately want safe if you're just going to eval the
> expression instead of parse it ... I forgot that eval is itself a
> taint-unsafe operation and doesn't just inherit the taint flag ...
> which makes sense when you consider that someone could make their eval
> untaint their own input :(
> I still think you'll get cleaner syntax for your expression language
> from a non-perl language, especially if you want to start dealing with
> more complex data (looking beyond dice rolling I guess).  Whether you
> parse it in perl with Parse::RecDescent or Yapps or whatever, or use
> another language altogether, I suppose depends on how much of CPAN you
> want to have available and how much you just want an infix expression
> language.
> //s
> (me, I'd just write and embed a small forth interpreter)

After just a few hours of reading docs and screwing around, I have
57 lines of Perl which *almost* do the job. It doesn't interface
with the roller yet, but it does understand how to parse requests
into code and non-code parts, and safely evaluate the code parts.

spoon-discuss mailing list