Perhaps I can summarise Gabriele's and Sunanda's helpful advice on 
handling "untrusted" data:

1. Data that has not been validated may, accidentally or maliciously, 
include invalid or valid Rebol code. It needs to be treated with care.

2. The safest option is to use "to block!" or "to-block" as it does not 
bind the words so they cannot be accidentally evaluated. For example:

>> to block! "quit"
== [quit]
>> do to block! "quit"
** Script Error: quit word has no context
** Near: quit

It is possible to reduce the number of system words consumed by using 
the "to" approach rather than "load". For example:

>> length? first system/words
== 1246
>> do to block! "val1"
** Script Error: val1 word has no context
** Near: val1
>> length? first system/words
== 1246
>> do load "val2"
** Script Error: val2 has no value
** Near: do load "val2"
>> length? first system/words
== 1247
>> do load/all "val3"
** Script Error: val3 has no value
** Near: val3
>> length? first system/words
== 1248

3. Load/all is safer than Load with older versions of Rebol including 
the current official View release 1.2.1.

4. It is advisable to wrap the to-block or load of untrusted data in an 
error/try block as some strings will give problems. For example:

>> load "]"
** Syntax Error: Missing [ at end-of-block
** Near: (line 1) ]
>> load/all "]"
** Syntax Error: Missing [ at end-of-block
** Near: (line 1) ]
>> to block! "]"
** Syntax Error: Missing [ at end-of-block
** Near: (line 1) ]
>> error? try [load/all "]"]
== true

Please let me know if I have summarised this incorrectly.

Regards

Peter
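
Points 2 and 4 combined, as an added example that is not part of Peter's message: convert untrusted text with to block! inside try, then check the result with parse before using it. The helper name load-pairs, the name: value input format and the sample strings are assumptions made for illustration, and the parse check goes one step beyond what the message describes.

```rebol
REBOL [Title: "Added example: untrusted text to validated, unevaluated data"]

; load-pairs is a hypothetical helper name, not a REBOL built-in.
; It expects text made only of name: value pairs (assumed format).
load-pairs: func [
    "Return untrusted text as an unbound block of name: value pairs, or none"
    text [string!]
    /local data
][
    ; to block! does not bind words, so nothing can be evaluated by accident.
    ; try catches syntax errors such as an unmatched "]".
    if error? try [data: to block! text] [return none]
    ; Accept only the expected shape; the block is never passed to do.
    either parse data [some [set-word! [integer! | string!]]] [data] [none]
]

; Constructed sample inputs
foreach sample [
    {port: 8080 host: "example.com"}
    "quit"
    "port: [quit]"
    "]"
][
    print [mold sample "->" mold load-pairs sample]
]
```

Only the first sample matches the expected shape; the other three are rejected, either by parse or by the try around to block!.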
