Amirouche Boubekki <amirou...@hypermove.net> writes: > I have procedures like that in my program: > > (define-public (scm->string scm) > (call-with-output-string > (lambda (port) > (write scm port)))) > > (define-public (string->scm string) > (call-with-input-string string read)) > > Is it safe to pass to this procedures input from third parties?
I would not consider Guile's 'read' to be trustworthy when processing potentially malicious inputs. Mark