From: Emanuel Berg <embe8573@student.uu.se>
To: help-gnu-emacs@gnu.org
Subject: Re: Execute a string as a command
Date: Sat, 07 Nov 2015 04:57:24 +0100 [thread overview]
Message-ID: <87a8qqmpgb.fsf@debian.uxu> (raw)
In-Reply-To: 20151107013249.GL3301@mail.akwebsoft.com
Tim Johnson <tim@akwebsoft.com> writes:
> By this time, you've probably read from the
> continuation of this thread that I had problems with
> setting up the menu structure so that command
> objects could be read from it. Thus I used a string
> representation to see if that could be evaluated.
I don't use menus so I can't say but my gut feeling
tells me that to keep commands as strings to be
evaluated isn't a good idea.
It is disencouraged in shell scripting as well (e.g.,
bash, zsh). And isn't the famous SQL injection attack
based on somewhat the same data/code intermingling?
One problem is the string needs to be parsed somehow
into code. You may say this happens all the time when
programming. However when programming, even tho you
aren't compiling your code, after each evaluation of
a function, that function is simply invoked. At that
stage the function is at least formally correct in the
sense that evaluation was possible. But, in your menu
case, evaluation must be done each time. Otherwise it
is just a string. This is not only inefficient, it is
also insecure as there is no telling if that string
holds anything that can sensibly be put together into
a function.
The argument problem has been mentioned. In general,
commands that are not strings but commands hold much
more power. Much more stuff can be done with them, and
around them: e.g., advices, lambdas, keybindings, and
probably a lot more.
> I have since found the right combination of menu
> syntax and 'eval syntax to make the command
> objects readable.
In old Lisp books (e.g., [1]), `eval' is one of the
first things they mention and they put it as
a cornerpiece of Lisp. Since then this has changed and
eval should only be used with what is explicitly
commands, i.e. stuff that is beyond doubt prepared
for execution. In your case, you have used it correct.
Another example might be:
(eval (car command-history) )
Here, both the name and the docstring "List of recent
commands..." support the use of `eval'. (Other people
can tell you more about why you shouldn't use
eval otherwise.)
> Thanks ... for your replies. They are
> always enlightening.
Well, "always" may be stretching it just a bit :)
% [1]
@book{artificial-intelligence-and-the-design,
title = {Artificial Intelligence and the Design of Expert Systems},
author = {George Luger; William Stubblefield},
publisher = {Benjamin-Cummings},
year = 1989,
ISBN = 0805301399
}
--
underground experts united
http://user.it.uu.se/~embe8573
next prev parent reply other threads:[~2015-11-07 3:57 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-06 3:23 Execute a string as a command Tim Johnson
2015-11-06 3:53 ` Emanuel Berg
2015-11-06 4:06 ` Tim Johnson
2015-11-06 21:47 ` Emanuel Berg
2015-11-07 1:32 ` Tim Johnson
2015-11-07 3:57 ` Emanuel Berg [this message]
[not found] ` <mailman.1860.1446859974.7904.help-gnu-emacs@gnu.org>
2015-11-07 18:32 ` Barry Margolin
2015-11-07 19:36 ` Tim Johnson
2015-11-06 4:40 ` Random832
2015-11-06 5:52 ` Tim Johnson
[not found] ` <mailman.1818.1446789151.7904.help-gnu-emacs@gnu.org>
2015-11-06 9:43 ` Joost Kremers
2015-11-06 16:17 ` Tim Johnson
2015-11-06 16:49 ` Tim Johnson
[not found] <mailman.1811.1446780244.7904.help-gnu-emacs@gnu.org>
2015-11-06 3:36 ` Barry Margolin
2015-11-06 3:59 ` Tim Johnson
2015-11-06 3:59 ` Emanuel Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a8qqmpgb.fsf@debian.uxu \
--to=embe8573@student.uu.se \
--cc=help-gnu-emacs@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).