
Load vs Load/All

 [1/1] from: sanghabum::aol::com at: 26-Aug-2001 13:39


Hi there,

Jeff (I think) in Zine/4 writes:

====
In fact, LOAD/all is the safest LOAD and you should use it whenever LOADing a string or file from an untrusted source (like CGI, for instance).
<snip>
LOAD/all will always give you a block whereas LOAD will give you a single item if there is only one item. LOAD/all always produces a block as a convenience because it is the "paranoid" LOAD. Whatever you give LOAD/all, it always gives you an unevaluated block of that thing. So if you do:

    error? try [load/all some-random-string]

you can't go wrong. LOAD/all you can.
====

That's good advice, and it showed me how I had a security flaw in my code... Just doing a Load on a CGI field is a route to an immediate shutdown if the field contains "Rebol [Quit]".

But it seems to be a ticking timebomb... Each Load/All uses up (at least) one entry in System/words -- e.g.

    loop 2000 [
        load/all join "A" [Random 50000]
        print length? first system/words
    ]

When First System/words hits 4095 (or thereabouts: I believe the number differs across systems), my 24x7 application goes down like a Microsoft server.

I'm using Load/All to convert an untrusted string into a date or decimal or string. Does anyone have a workaround for its unwanted behavior? Or am I writing the function 'ConvertUntrusted ?

--Thanks,
--Colin.
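
An added example, not part of the original post or of REBOL's own code: one way to turn an untrusted string into a date, decimal or string without calling LOAD at all, so the input is never scanned as REBOL source. The name `convert-untrusted` and the sample inputs are hypothetical, and the sketch assumes that TO-DATE and TO-DECIMAL on a string add nothing to system/words; the loop at the end measures that on the interpreter in use rather than taking it on trust.

```rebol
REBOL [Title: "convert-untrusted (added example, hypothetical helper)"]

digit: charset "0123456789"
; Plain decimals only: optional sign, digits, optional fraction.
; Exponent notation is deliberately not accepted in this sketch.
number-rule: [opt "-" some digit opt ["." some digit]]

convert-untrusted: func [
    "Return a date!, a decimal!, or the trimmed string itself."
    text [string!]
    /local value
][
    text: trim copy text
    ; PARSE on a string matches characters only; nothing is loaded as code.
    if parse/all text number-rule [return to-decimal text]
    ; TO-DATE raises an error for anything that is not a date; TRY contains it.
    if not error? try [value: to-date text] [return value]
    ; Everything else stays an inert string.
    text
]

; Constructed sample inputs, including the string the post warns about.
foreach sample ["26-Aug-2001" "3.14" "-42" "Rebol [Quit]" "A12345" ""] [
    print [mold sample "->" type? convert-untrusted sample]
]

; Same shape as the loop in the post, but measuring word-table growth.
before: length? first system/words
loop 2000 [convert-untrusted join "A" [random 50000]]
print ["entries added to system/words:" (length? first system/words) - before]
```

If the last line reports anything other than 0, the assumption does not hold on that build and the converter needs a different date check.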