On 28 February 2010 11:30, Dudebot <craign...@gmail.com> wrote:
> On Feb 28, 3:04 am, Michael Pavling <pavl...@gmail.com> wrote:
>> On 27 February 2010 21:15, Dudebot <craign...@gmail.com> wrote:
>>
>> > Needless to say, this code is *not safe*.  A user can run anything in
>> > that eval.  In my application, only trusted users have access to
>> > building templates.
>>
>> I don't think it's needless... I think it's extremely important to
>> say. For anyone reading this post and thinking it's a solution to
>> their problem - if anyone sat back and presented this as a "fix" to
>> me, I would fire them for their recklessness :-/
>
> That's exactly why I said it ;)

Yeah, I figured; I was just concerned that you hadn't qualified why it
was not safe, and someone reading the thread and acting upon it as
advice might expose themselves to a very unexpected, unpleasant risk -
then they'd only post here asking someone to clean it up! :-)

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.