From: Jean Louis <bugs@gnu.support>
To: Michael Heerdegen <michael_heerdegen@web.de>
Cc: help-gnu-emacs@gnu.org
Subject: Re: How to tame compiler?
Date: Sun, 2 May 2021 10:37:36 +0300
Message-ID: <YI5WwNMkY69v1NI9@protected.localdomain>
In-Reply-To: <87v981wv3f.fsf@web.de>

* Michael Heerdegen <michael_heerdegen@web.de> [2021-05-02 08:43]:
> Stefan Monnier <monnier@iro.umontreal.ca> writes:
> 
> > I know I sound like a broken clock, but [...]
> 
> I think you would sound more like an unbroken clock if you would shortly
> tell the disadvantages of using `eval', then people would be more open
> to alternatives.

I have now just isolated the `rcd-template-eval' function into a
separate package without `lexical-binding' and it works well:
https://hyperscope.link/3/7/1/3/3/RCD-Template-Interpolation-System-for-Emacs.html

This is one special case where lexical-binding should be nil, as me, I
wish to be able to expand any variables in the template. I could use
`lexical-binding t' to see maybe some compiler errors, but then I have
removed it.

Of course I have heard of dangers of using `eval' in various
programming languages. But we have to put it in the specific contexts
as we do use `eval' so many times.

Example is Org mode source blocks, eval is used there, including it is
used to evaluate other or any kind of language. And people publish Org
mode documents after doing eval. Just same thing is taking place here.

The RCD Template Interpolation system uses `eval' to expand the
embedded Emacs Lisp into text. It is just same as using Org mode with
source blocks to expand Emacs Lisp or other programming languages into
text.

Just as with writing text, I could accidentally write my passwords and
publish them online, or I could accidentally or unknowingly remove all
my files with `rm -rf /home/myhome' -- and I remember doing that first
time when I met MS-DOS, but command name maybe was different, who
cares.

When `eval' is used with parameters that arrive from website visitor,
that is where one should be careful maybe to escape the parameters and
make sure there is nothing that could disturb or be malicious. Of
course one should not `eval' the parameter rather accept strings and
process strings. 

I guess hundreds if not thousands of people already publish Org files
that have such embedded programming languages eval-ed and expanded,
and now such Org files are published online.

What I am doing here is the same as Org, just that I like to use any
kind of markup to pre-process it before the conversion into HTML.

Back in time I have been testing various templating systems with Perl,
and I found this one was the fastest:
https://metacpan.org/pod/Text::NeatTemplate because I have tested all
templating systems on thousands page expansions and found that one
being fastest, I used it for years.

One can see how variables are being carefully prepared to be passed to
the function. And there are many similar templating systems used for
HTML generation.

Then I have been using for another bunch of years the CL-EMB Common
Lisp templating system:
https://40ants.com/lisp-project-of-the-day/2020/09/0192-cl-emb.html

https://www.common-lisp.net/project/cl-emb/

I think CL-EMB does not use `eval' directly but it uses
`read-from-string' and macro to expand the values. Anything can take
place there, as it is equivalent to eval, any code can be placed in
the text, and of course somebody can insert malicious code and do
something bad.

Let us say I make a system in the functional style, that I don't write
plain text but rather Lisp expressions like (html (p "Something"))
then it is also open to inserting malicious code there, it is even
easier to insert malicious code into the code as it camouflages
itself, than inserting malicious code into the plain text.

People like to use embedded programming languages:
https://github.com/dbohdan/embedded-scripting-languages

There are many web template systems:
https://en.wikipedia.org/wiki/Web_template_system

And those hyperlinks demonstrate the demand for that.

Maybe not many people generate HTML pages or emails with Emacs Lisp,
but I need it. I have SMS communication, email communication, letters,
and I like expanding templates on the fly. When working with 1500+
people, it brings better understanding if I send SMS which expands
into personalized messages:

Hello John, I have not gotten an answer to my message to you from 4th May,
did you read it? You still have US $150 pending with us.

What really matters?

- that I can send mass SMS communication, hire people and engage them
  on projects;

- that I can use templating system to send hundreds of thousands of
  emails and thus close sales, as they are personalized;

- that I can use both HTML pages with embedded personalization for
  emails; send HTML pages, it appears personalized, or publish it, it
  is not personalized, with dynamically expanded values, such as
  prices, listings of products, and similar;

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://stallmansupport.org/
https://rms-support-letter.github.io/
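
An added example, not part of the original message and not the RCD Template code: the "accept strings and process strings" handling the message describes for visitor-supplied parameters, written in Emacs Lisp. The {{KEY}} placeholder syntax and the `example-' function names are assumptions made for this illustration.

```elisp
;;; -*- lexical-binding: t -*-

(defun example-html-escape (string)
  "Return STRING with the HTML metacharacters &, <, > and \" escaped."
  (replace-regexp-in-string
   "[&<>\"]"
   (lambda (ch)
     (cdr (assoc ch '(("&" . "&amp;") ("<" . "&lt;")
                      (">" . "&gt;") ("\"" . "&quot;")))))
   string t t))

(defun example-template-expand (template values &optional escape)
  "Expand {{KEY}} placeholders in TEMPLATE from the alist VALUES.
VALUES maps key strings to value strings.  A placeholder is only
looked up, never read or evaluated.  ESCAPE, when non-nil, is a
function applied to each value before insertion."
  (replace-regexp-in-string
   "{{\\([A-Za-z0-9_-]+\\)}}"
   (lambda (match)
     (let* ((key (match-string 1 match))
            (cell (assoc key values)))
       ;; Fail closed: an unknown key or a non-string value is an error,
       ;; not something to fall back to `eval' for.
       (unless cell
         (error "Unknown template key: %s" key))
       (unless (stringp (cdr cell))
         (error "Value for key %s is not a string" key))
       ;; ESCAPE may run its own regexp search; keep our match data intact.
       (save-match-data
         (if escape (funcall escape (cdr cell)) (cdr cell)))))
   template
   t     ; FIXEDCASE: do not adapt the case of the replacement
   t))   ; LITERAL: a backslash in a value is not a back-reference

;; Constructed sample input: the "name" value is shaped like Lisp and
;; markup, as an untrusted form field could be.  It is inserted as
;; escaped text and is never passed to the Lisp reader.
(example-template-expand
 "<p>Hello {{name}}, you still have US ${{amount}} pending with us.</p>"
 '(("name" . "(message \"evaluated\") <b>John</b>")
   ("amount" . "150"))
 #'example-html-escape)
```

The template text itself is still trusted input here; only the values are treated as data.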



