On Feb 12, 2013, at 1:46 PM, Phil Hagelberg wrote: > Andy Fingerhut writes: > >> Examples of dangerous side effects that can occur with >> clojure.core/read and read-string in Clojure 1.4 and earlier: >> >> ;; This causes precious-file.txt to be created if it doesn't >> ;; exist, or if it does exist, its contents will be erased (given >> ;; appropriate JVM sandboxing permissions, and underlying OS file >> ;; permissions). >> (read-string-unsafely "#java.io.FileWriter[\"precious-file.txt\"]") > > Thanks for clarifying. That is quite unfortunate. A separate library > will help for backwards-compatibility though.
Yes, agreed it is unfortunate. I have updated my version of the cheatsheet at http://jafingerhut.github.com Now it mentions the new clojure.tools.reader.edn versions of read and read-string (http://github.com/clojure/tools.reader), and no longer links to the clojure.core versions at all. Anyone who needs those can find them elsewhere. The clojure.tools.reader.edn versions should never trigger code execution as a side effect, with the exception of calling data reader functions, which are under the control of the caller. Nicola Mometto recently updated that library to support not only Clojure 1.4 but also Clojure 1.3, but that enhancement might not be in the public repositories until the next release. I will see if Alex Miller or someone else with permissions can help me update the main cheat sheet at http://clojure.org/cheatsheet, too. Andy -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
