Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.ruby > #3915 > unrolled thread
| Started by | Karolis Juodele <zulupineapple@gmail.com> |
|---|---|
| First post | 2011-05-04 05:39 -0500 |
| Last post | 2011-05-07 16:07 -0500 |
| Articles | 9 — 7 participants |
Back to article view | Back to comp.lang.ruby
Run time programming Karolis Juodele <zulupineapple@gmail.com> - 2011-05-04 05:39 -0500
Re: Run time programming Roger Pack <rogerpack2005@gmail.com> - 2011-05-04 05:58 -0500
Re: Run time programming Robert Klemme <shortcutter@googlemail.com> - 2011-05-04 05:58 -0500
Re: Run time programming Brian Candler <b.candler@pobox.com> - 2011-05-05 10:41 -0500
Re: Run time programming Brian Candler <b.candler@pobox.com> - 2011-05-05 10:43 -0500
Re: Run time programming Stu <stu@rubyprogrammer.net> - 2011-05-05 15:30 -0500
Re: Run time programming Josh Cheek <josh.cheek@gmail.com> - 2011-05-05 15:58 -0500
Re: Run time programming Stu <stu@rubyprogrammer.net> - 2011-05-07 15:57 -0500
Re: Run time programming Steve Klabnik <steve@steveklabnik.com> - 2011-05-07 16:07 -0500
| From | Karolis Juodele <zulupineapple@gmail.com> |
|---|---|
| Date | 2011-05-04 05:39 -0500 |
| Subject | Run time programming |
| Message-ID | <4a3b01fe4541e66cacac809c4625a46b@ruby-forum.com> |
Hi all, How can I run ruby code from my ruby program? Let's say I have a program with a text box. In that text box user writes a ruby function. I want the program to call that function in such way that this function would have access to the classes and variables in the main program. How can this be done? I imagine that since Ruby is interpreted dynamically adding code shouldn't be much of a problem. But then I just started learning Ruby and have no idea how this could work.. Thanks for your replies. -- Posted via http://www.ruby-forum.com/.
[toc] | [next] | [standalone]
| From | Roger Pack <rogerpack2005@gmail.com> |
|---|---|
| Date | 2011-05-04 05:58 -0500 |
| Message-ID | <068503b7bcbd7e30b3b8df71f3d2a8ee@ruby-forum.com> |
| In reply to | #3915 |
eval(user_given_text, binding) user_defined_method -- Posted via http://www.ruby-forum.com/.
[toc] | [prev] | [next] | [standalone]
| From | Robert Klemme <shortcutter@googlemail.com> |
|---|---|
| Date | 2011-05-04 05:58 -0500 |
| Message-ID | <BANLkTingGEBkPVcWWkyWyQNRqOk3saNVJA@mail.gmail.com> |
| In reply to | #3915 |
On Wed, May 4, 2011 at 12:39 PM, Karolis Juodele <zulupineapple@gmail.com> wrote: > How can I run ruby code from my ruby program? Let's say I have a program > with a text box. In that text box user writes a ruby function. I > want the program to call that function in such way that this function > would have access to the classes and variables in the main program. > > How can this be done? I imagine that since Ruby is interpreted > dynamically adding code shouldn't be much of a problem. But then I just > started learning Ruby and have no idea how this could work.. $ ri eval Kind regards robert -- remember.guy do |as, often| as.you_can - without end http://blog.rubybestpractices.com/
[toc] | [prev] | [next] | [standalone]
| From | Brian Candler <b.candler@pobox.com> |
|---|---|
| Date | 2011-05-05 10:41 -0500 |
| Message-ID | <c8b22475870c502a1d12c647d594bfd2@ruby-forum.com> |
| In reply to | #3920 |
Robert K. wrote in post #996572: > $ ri eval And see also: http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html -- Posted via http://www.ruby-forum.com/.
[toc] | [prev] | [next] | [standalone]
| From | Brian Candler <b.candler@pobox.com> |
|---|---|
| Date | 2011-05-05 10:43 -0500 |
| Message-ID | <9fa9956046240c11f5caffd302a4ab27@ruby-forum.com> |
| In reply to | #3920 |
Robert K. wrote in post #996572: > $ ri eval And you might also want to think about who is entering that code and what it does: cautionary tale at http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html So, re-implementing tryruby.org is not as simple as you might think. Look for the ruby sandbox gem. If only fully trusted users are entering data into this text box, then it's not a problem. -- Posted via http://www.ruby-forum.com/.
[toc] | [prev] | [next] | [standalone]
| From | Stu <stu@rubyprogrammer.net> |
|---|---|
| Date | 2011-05-05 15:30 -0500 |
| Message-ID | <BANLkTi=aDix67i71EGLOk5LYk1yiugT=Gw@mail.gmail.com> |
| In reply to | #4000 |
eval though is the root method it might be safer to use one of the more focused wrapper methods such as class_eval, instance_eval and define_method. ~Stu On Thu, May 5, 2011 at 10:43 AM, Brian Candler <b.candler@pobox.com> wrote: > Robert K. wrote in post #996572: >> $ ri eval > > And you might also want to think about who is entering that code and > what it does: cautionary tale at > http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html > > So, re-implementing tryruby.org is not as simple as you might think. > Look for the ruby sandbox gem. > > If only fully trusted users are entering data into this text box, then > it's not a problem. > > -- > Posted via http://www.ruby-forum.com/. > >
[toc] | [prev] | [next] | [standalone]
| From | Josh Cheek <josh.cheek@gmail.com> |
|---|---|
| Date | 2011-05-05 15:58 -0500 |
| Message-ID | <BANLkTikfgv+zJ1GbX2QuZw=ChuENgNtvcA@mail.gmail.com> |
| In reply to | #4010 |
[Note: parts of this message were removed to make it a legal post.] On Thu, May 5, 2011 at 3:30 PM, Stu <stu@rubyprogrammer.net> wrote: > eval though is the root method it might be safer to use one of the > more focused wrapper methods such as class_eval, instance_eval and > define_method. > > ~Stu > > It's not clear to me how those are safer, I thought those just change contexts. For example, I can still call system (or do anything else, I would expect). Whatever = Class.new users_code = 'system "echo just doin the evils"' Whatever.class_eval users_code # >> just doin the evils
[toc] | [prev] | [next] | [standalone]
| From | Stu <stu@rubyprogrammer.net> |
|---|---|
| Date | 2011-05-07 15:57 -0500 |
| Message-ID | <BANLkTinHFObkxx7yc0KdtwU4oWXHOA1NRw@mail.gmail.com> |
| In reply to | #4013 |
Funny I was just playing with the go language version of tryruby which
also uses a sandbox.
I referring to how rails generators as input are used to alleviate the
boilerplate code in crud operations. For example the dynamic finders
i.e. find_by_#{evaluated_string} are most likely eval created.
I imagine putting the whole interpreter online must be a huge security
conscious effort.
On Thu, May 5, 2011 at 3:58 PM, Josh Cheek <josh.cheek@gmail.com> wrote:
> On Thu, May 5, 2011 at 3:30 PM, Stu <stu@rubyprogrammer.net> wrote:
>
>> eval though is the root method it might be safer to use one of the
>> more focused wrapper methods such as class_eval, instance_eval and
>> define_method.
>>
>> ~Stu
>>
>>
> It's not clear to me how those are safer, I thought those just change
> contexts. For example, I can still call system (or do anything else, I would
> expect).
>
> Whatever = Class.new
> users_code = 'system "echo just doin the evils"'
> Whatever.class_eval users_code # >> just doin the evils
>
[toc] | [prev] | [next] | [standalone]
| From | Steve Klabnik <steve@steveklabnik.com> |
|---|---|
| Date | 2011-05-07 16:07 -0500 |
| Message-ID | <BANLkTimtFjuP5TQt5woPobF_uTKWLRLZDw@mail.gmail.com> |
| In reply to | #4073 |
[Note: parts of this message were removed to make it a legal post.]
>
> For example the dynamic finders
> i.e. find_by_#{evaluated_string} are most likely eval created.
>
Sorta, yeah: method_missing which then does a class_eval to help with
performance.
https://github.com/rails/rails/blob/master/activerecord/lib/active_record/base.rb#L1018
[toc] | [prev] | [standalone]
Back to top | Article view | comp.lang.ruby
csiph-web