Sandbox execution (was: Re: On USE [was Re: WYSIWYG programming])

-- snip --

This is kind of interesting. I remember earlier discussions on this list regarding sandbox-execution of code. *-*- REBOL session -- ## help sandbox USAGE: SANDBOX code words DESCRIPTION: Perform execution of a string with only access to selected words SANDBOX is a function value. ARGUMENTS: code -- REBOL code to execute (Type: string) words -- Block of allowed words (Type: block) ## x: 5 == 5 ## test-code: "1 + ((2 * 3) / 4) + x" == "1 + ((2 * 3) / 4) + x" ## allowed-words: [+ - * / x] == [+ - * / x] ## sandbox test-code allowed-words == 7.5 ## source sandbox sandbox: func [ {Perform execution of a string with only access to selected words} code [string!] "REBOL code to execute" words [block!] "Block of allowed words" /local code-block context context-prototype ][ context-prototype: make block! [] foreach word words [ append context-prototype compose [(to-set-word :word) none] ] context: make object! context-prototype foreach word words [ set in context :word get :word ] do bind/copy to-block code in context 'self ] ## test-code: "delete %important-file.r" == "delete %important-file.r" ## sandbox test-code allowed-words ** Script Error: delete is not defined in this context. ** Where: delete %important-file.r *-*- REBOL session end -- (Deliberatly kept as simple as possibly - could easily be extended to support code-blocks, etc) However, as long as i don't see this documentet as intended behaviour, which will not change, I would not rely on this being secure! What do you think? Best regards Thomas Jensen

That's an interesting application! (I think TO-BLOCK was implemented that way for speed, because you're likely to use it for data only, and use LOAD for code...) Regards, Gabriele. -- Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/