Issue #12399 has been reported by Tsuyoshi Sawada.

----------------------------------------
Feature #12399: Restricted, safe version of `Kernel#eval`
https://bugs.ruby-lang.org/issues/12399

* Author: Tsuyoshi Sawada
* Status: Open
* Priority: Normal
* Assignee: 
----------------------------------------
`Kernel#eval` is convenient, but sometimes, it can be a security risk, and often people crazily react against using it even when it is not dangerous.

I propose to have a restricted version of `eval`, which can interpret Ruby literals, but whenever there is constant assignment, variable assignment, method call, or method definition, it raises an error.

It can be used to safely accept parameters given as a string. One example use is, parameter interpretation of command line option parser can be easily be done under the assumption that the parameter is given as Ruby expression.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>