From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: eval myths - Re: How to tame compiler? Date: Fri, 30 Apr 2021 23:23:03 +0300 Message-ID: References: <874kfn292f.fsf@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="15586"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.6 (2021-03-06) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Fri Apr 30 23:32:50 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lcakk-0003xl-Hw for geh-help-gnu-emacs@m.gmane-mx.org; Fri, 30 Apr 2021 23:32:50 +0200 Original-Received: from localhost ([::1]:45810 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lcakj-0003Sl-Iy for geh-help-gnu-emacs@m.gmane-mx.org; Fri, 30 Apr 2021 17:32:49 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:57368) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lca7O-0005ua-VR for help-gnu-emacs@gnu.org; Fri, 30 Apr 2021 16:52:12 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:54961) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lca7J-0002ax-1N for help-gnu-emacs@gnu.org; Fri, 30 Apr 2021 16:52:10 -0400 Original-Received: from localhost ([::ffff:154.231.162.22]) (AUTH: PLAIN securesender, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000046241.00000000608C6DD1.00006584; Fri, 30 Apr 2021 13:51:29 -0700 Mail-Followup-To: help-gnu-emacs@gnu.org Content-Disposition: inline In-Reply-To: <874kfn292f.fsf@disroot.org> Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:129226 Archived-At: * Jorge P. de Morais Neto [2021-04-30 17:29]: > Hi all! > > Em [2021-04-22 qui 10:46:59-0400], Stefan Monnier escreveu: > > >> Is there a way to avoid these warnings? > > > > Yes: don't abuse `eval` ;-) > > Jean Louis, could you provide a little more detail on what are you using > ~eval~ for? Some tasks accomplished by eval can be done more safely by > other means. For example, if you just want symbol indirection, you can > use ~symbol-value~ (there is also ~symbol-function~). If you want to > apply a function object to a sequence of arguments, you can use ~apply~ > or ~funcall~. > > I know little about Elisp; more experienced hackers may know about other > mechanisms that avoid the need for ~eval~. Good read: https://en.wikipedia.org/wiki/Eval#Security_risks My eval-ing is equally dangerous as Org Babel evaling. If I write some destructive commands, well, it will be destructive. There is no special security risk there, as eval-ing does not take place online. But I could as well do it online, even then there need not be any security risk as I can tell which data goes into eval and decide not to include dynamic data, but currently I do not see any need for that. I could write text with eval-ing markup and have it interpolated by using Emacs on the fly, it would be pretty fast WWW publishing. Let us say I wish to say when is document last modified, I could just include: Last modified: ⟦ (last-modified) ⟧ and it would interpolate into time stamp of the file in question. Eval I use also in the nodes in the PostgreSQL database. I am thinking also to have various database types define for themselves their presentation or export functions. Right now I have Emacs hashes in the database. It is similar to properties in Org mode, though I have properties also as PostgreSQL array type. Some document entry could be saved in the hash, it expands PostgreSQL data type into something that Emacs understands, such hash has to be evaled. Let us say, I defined "Markdown Flavour X" as type, then the type could have its functions inside of itself in the database. That would be evaluated with eval and run. HTML could be generated, or some other program. Instead of hard coding it statically in a program, a remote or collaborative program could simply access the database by which access program would be extended, fetched from remote database and executed. Of course it gives to the remote resource full control about which program is there. But then there can be PGP signature for verification if necessary. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://stallmansupport.org/ https://rms-support-letter.github.io/