Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: [load vs load/all] [how to//handle untrusted data] load v loa...

From: SunandaDH::aol::com at: 17-Nov-2004 8:49

> The basic premises are that it's more secure to use load/all when > reading "untrusted" data and that using load/all eats up available > words.
> The first assumption is only true in older versions of REBOL;
Not quite......The first assumption is true in the current production release of REBOL/View: -- dowload from this page: -- and then try: load "rebol [quit]" There is a note on the web page advising people to download newer betas. But the existence of a newer beta does not make the existing production release an "older version" -- it remains the current, official version until actually replaced by RT. RT seem to be very slow in getting around to that. But there must be reason for it. So any company thinking of using REBOL is probably better off using the official releases. So, for code using the official version, 'load/all is the safe alternative to 'load. As you say, both 'load/all and 'load use up part of the finite space in system/words, so 'to-block is better in many cases. In all cases, and all versions of REBOL, wrap the untrusted 'load etc in an error/try block because they will fail on some strings, eg: load "]" load/all "]" to-block "]" There still remains the problem (in all versions of REBOL) that 'load or 'do of code will use up part of the finite space in system/words, and this space is unrecoverable as far as I know. That places a limit on the size of REBOL applications, or the length of time they can run if they evaluate console input. Sunanda.