On Wed, Mar 5, 2014 at 1:31 PM, Chris Angelico <rosuav@gmail.com> wrote:
On Thu, Mar 6, 2014 at 8:20 AM, David Mertz <mertz@gnosis.cx> wrote:
> The literal hardly saves you from injection attacks.  I could write this too
> under the proposed idea:
>   foo = get_string_from_attacker()
>   a = $(foo)
>   b = a.eval()
> Now one can say "don't do that!" ... but that advice applies just as well to
> 'compile(unsafe_string, ...)'

That'll just be like doing:

b = foo

So it's still safe. That's the point.

Doh! You are right.  The literal does make it somewhat harder to shoot yourself in the foot with code injection, I had a thinko there.  Still, advice in the docs not to do 'compile(untrusted_string, ...)' feels like it pretty much does what we actually need.

Keeping medicines from the bloodstreams of the sick; food
from the bellies of the hungry; books from the hands of the
uneducated; technology from the underdeveloped; and putting
advocates of freedom in prisons.  Intellectual property is
to the 21st century what the slave trade was to the 16th.