A good rule of thumb: One should worry that giving end-users access to a 
full-fledged eval function can be dangerous, because users can then do anything 
that the language can do, and cause damage to their own system or to others'.

There are numerous Clojurescript repls embedded in public web pages, so this 
apparently isn't a problem (or it's a problem that can easily be avoided).  

My hypothesis is that browser repls aren't considered problematic because the 
repl is running in a browser on the user's machine, so that the worst that they 
can do is cause damage to themselves.  Still, one could imagine someone telling 
an uninformed person to do something that would be bad for their system.  (Is 
it not possible to do file io, for example, from a browser repl?)

I'm going to be working on a small web page in which it would be helpful to let 
users define Clojurescript functions that affect output on the page.  So I 
started to worry about whether there are dangers that I need to avoid.  It 
might be simplest to simply give users access to a repl, but I could also 
process their definitions myself, passing them to eval, for example.

Please feel free to simply point me to a useful discussion of this issue on the 
web, and we can end this thread early. :-)
