Mailing List Archive: 49091 messages

[REBOL] Re: [load vs load/all] [how to//handle untrusted data] load v load/all - CGI security & word consumption

From: gabriele::colellachiara::com at: 17-Nov-2004 11:59

Hi Peter,

On Wednesday, November 17, 2004, 7:12:42 AM, you wrote:

PWW> The basic premises are that it's more secure to use load/all when
PWW> reading "untrusted" data and that using load/all eats up available
PWW> words.

The first assumption is only true in older versions of REBOL; the second is false, not in the sense that new words do not use space, but in the sense that this happens with a normal LOAD too. Also, in newer versions of REBOL the word limit has been increased, so unless you are doing something like the example you provided and intentionally creating a lot of different words, this is not a problem.

Note that using TO BLOCK! instead of LOAD you do not use space in the global context because it does not bind the words. This is probably safer than LOAD for untrusted data because since the words are not bound, you don't risk anything even if you accidentally evaluate them.

>> to block! "quit"
== [quit]
>> do to block! "quit"
** Script Error: quit word has no context
** Near: quit

Regards,
   Gabriele.
--
Gabriele Santilli <[g--santilli--tiscalinet--it]> -- REBOL Programmer
Amiga Group Italia sez. L'Aquila --- SOON: http://www.rebol.it/
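
The following is an added example, not part of the original message: a sketch of reading untrusted text with TO BLOCK! and validating it with PARSE instead of evaluating it. It assumes the REBOL 2 behaviour described in the message; the function name `read-untrusted` and the sample inputs are hypothetical and constructed for illustration.

```rebol
REBOL [Title: "Added example: reading untrusted text with TO BLOCK!"]

; Constructed sample inputs, standing in for text received from a CGI request.
good-input: {name "Peter" age 42}
bad-input:  {name "Peter" quit}

; Hypothetical helper: returns a block of word/value pairs,
; or none when the input is malformed or has an unexpected shape.
read-untrusted: func [text [string!] /local data out k v] [
    ; TO BLOCK! turns the text into values without binding the words,
    ; so nothing in DATA refers to a global function such as QUIT.
    ; Text that is not valid REBOL syntax raises an error, so trap it.
    if error? try [data: to block! text] [return none]

    out: copy []

    ; PARSE only inspects datatypes; DATA itself is never evaluated.
    ; Accept a sequence of: word followed by a string or an integer.
    either parse data [
        any [
            set k word!
            [set v string! | set v integer!]
            (repend out [k v])
        ]
    ] [out] [none]
]

probe read-untrusted good-input   ; accepted: pairs of word and value
probe read-untrusted bad-input    ; rejected: QUIT has no value after it
```

Words in the returned block are still unbound, so they can be compared by spelling (for example with `select`) but an accidental `do` on them fails with the "word has no context" error shown in the message.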