| Joel Uckelman on Fri, 29 Dec 2006 13:29:53 -0700 (MST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [s-d] dice server enhancements, part 2 |
Thus spake "Chuck Adams": > On 12/29/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote: > > Actually, taint isn't quite the right thing. Your suggestion prompted > > me to look at the Safe module, which is *exactly* what I was looking > > for. I wish I would have know of this a week ago, before I spent > > the intervening time writing a C-fragment interpreter. *sigh* > > Yah you probably ultimately want safe if you're just going to eval the > expression instead of parse it ... I forgot that eval is itself a > taint-unsafe operation and doesn't just inherit the taint flag ... > which makes sense when you consider that someone could make their eval > untaint their own input :( > > I still think you'll get cleaner syntax for your expression language > from a non-perl language, especially if you want to start dealing with > more complex data (looking beyond dice rolling I guess). Whether you > parse it in perl with Parse::RecDescent or Yapps or whatever, or use > another language altogether, I suppose depends on how much of CPAN you > want to have available and how much you just want an infix expression > language. > > //s > (me, I'd just write and embed a small forth interpreter) After just a few hours of reading docs and screwing around, I have 57 lines of Perl which *almost* does the job. It doesn't interface with the roller yet, but it does understand how to parse requests into code and non-code parts, and safely evalute the code parts. -- J. _______________________________________________ spoon-discuss mailing list spoon-discuss@xxxxxxxxx http://lists.ellipsis.cx/mailman/listinfo/spoon-discuss