useful tool for c.l.p

Bruce Sass bsass at edmc.net
Sat Aug 2 22:45:17 CEST 2003


On Sat, 2 Aug 2003, Alan Kennedy wrote:

> [Behrang Dadsetan wrote]
> > Would it not be wonderful to have some kind of integrated python
> > interpreter within the news agent/email program, so one could kinda
> > select the concerned code (or better, it is automatically spotted) and
> > just let it run within the mail? :)
>
> That's a nice idea.
>
> However, were you to actually go ahead and implement this idea, we
> would then be exposing ourselves to serious security risks, since
> people could post malicious code in their posts.

As long as the code is not automatically executed it would not be much
more of a security issue...

> As Terry Reedy pointed out, it's not hard to fire up the interpreter
> and paste the script into it. Python's conciseness makes that very
> easy, even if the whitespace issue sometimes results in mangled code.

...because I don't see a difference between selecting code then
executing it and select, cut'n'paste then execute.

A standard [or] tool could include a sandbox, which you don't get
with a simple cut'n'paste into an interpreter.

> And I always like to cast an eye over code before I run it, as a quick
> sanity check that it's not going to do anything I don't want or like
> the look of.

Always a good idea.


While playing with Literate Programming (LP) and generally exploring
Python awhile back I put together a proof-of-concept which lets you
place code (noweb markup, can handle multiple files) in an email, have
it automatically extracted when it hits the mail reader, then sent to
an editor or IDE.  Executing the code is just a click or keypress
away.

I figured that noweb markup was simple and unobtrusive, and treating
the message as LP (with its "flexible order of elaboration") would be
a good way to include programs, especially long examples, in email.
However, since that sorta thing doesn't happen very often and it is
easy to cut'n'paste, I didn't bother to develop it further.


--- message body example ---

lpmail: label1 label2

...text...

<<label1>>=
...code...
@

...more text...

<<label2>>=
...code...
@

-----

The code is on the 'net at:
http://home.edmc.net/~bsass/lpmail.py

Beware: it is a couple of years old and was a
stream-of-consciousness project... but it works and should only be a
security problem if the code text can tell the editor or IDE to
automatically execute a buffer.


- Bruce
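
Added example, not part of the original post and not taken from lpmail.py: a minimal extractor for the message format shown above that only collects chunks and never executes or writes them. It assumes that labels double as file names and that only labels named on the "lpmail:" line are wanted; the function name and sample message are hypothetical.

```python
import re

# Constructed sample message in the format shown in the post.
SAMPLE = """\
lpmail: hello.py ../evil.py
Some text.
<<hello.py>>=
print("hello")
@
<<../evil.py>>=
import os
@
<<unlisted.py>>=
print("not listed")
@
"""

CHUNK_START = re.compile(r"^<<(.+)>>=\s*$")
# Assumption: labels become file names, so allow plain names only (no "/" or leading ".").
SAFE_LABEL = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")


def extract_chunks(body):
    """Return ({label: code}, [rejected labels]); nothing is executed or written."""
    wanted, chunks, rejected, buf = [], {}, [], []
    current = None  # label of the chunk being read; an unterminated chunk is dropped
    for line in body.splitlines():
        if current is None:
            if line.startswith("lpmail:"):
                wanted = line[len("lpmail:"):].split()
                continue
            m = CHUNK_START.match(line)
            if m:
                current, buf = m.group(1).strip(), []
        elif line.rstrip() == "@":  # a lone "@" closes the chunk
            if current not in wanted or not SAFE_LABEL.match(current):
                rejected.append(current)
            else:  # chunks with the same label are concatenated, as in noweb
                chunks[current] = chunks.get(current, "") + "\n".join(buf) + "\n"
            current = None
        else:
            buf.append(line)
    return chunks, rejected
```

The rejected list gives the reader something to inspect before any buffer reaches an editor or IDE.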




