Project

General

Profile

Feature #12399

Restricted, safe version of `Kernel#eval`

Added by sawa (Tsuyoshi Sawada) almost 5 years ago. Updated over 3 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:75612]

Description

Kernel#eval is convenient, but sometimes, it can be a security risk, and often people crazily react against using it even when it is not dangerous.

I propose to have a restricted version of eval, which can interpret Ruby literals, but whenever there is constant assignment, variable assignment, method call, or method definition, it raises an error.

It can be used to safely accept parameters given as a string. One example use is, parameter interpretation of command line option parser can be easily be done under the assumption that the parameter is given as Ruby expression.

Also available in: Atom PDF