[REBOL] Re: [load vs load/all] [how to//handle untrusted data] load v loa...
From: SunandaDH::aol::com at: 17-Nov-2004 8:49
Peter:
> The basic premises are that it's more secure to use load/all when
> reading "untrusted" data and that using load/all eats up available
> words.
Gabriele:
> The first assumption is only true in older versions of REBOL;
Not quite......The first assumption is true in the current production release
of REBOL/View:
-- dowload from this page:
http://www.rebol.com/view-platforms.html
-- and then try:
load "rebol [quit]"
There is a note on the web page advising people to download newer betas.
But the existence of a newer beta does not make the existing production
release an "older version" -- it remains the current, official version until
actually replaced by RT.
RT seem to be very slow in getting around to that. But there must be reason
for it. So any company thinking of using REBOL is probably better off using the
official releases.
So, for code using the official version, 'load/all is the safe alternative to
'load.
As you say, both 'load/all and 'load use up part of the finite space in
system/words, so 'to-block is better in many cases.
In all cases, and all versions of REBOL, wrap the untrusted 'load etc in an
error/try block because they will fail on some strings, eg:
load "]"
load/all "]"
to-block "]"
There still remains the problem (in all versions of REBOL) that 'load or 'do
of code will use up part of the finite space in system/words, and this space
is unrecoverable as far as I know.
That places a limit on the size of REBOL applications, or the length of time
they can run if they evaluate console input.
Sunanda.
