On Tue, 05 Sep 2006 07:09:55 -0700, Joachim (München) wrote:

> my user should be able to define variables, to define functions, to
> include scripts, to hack for-loops, to iterate over arrays &c: the full
> functionality of irb. Is that really possible with Kernel::eval ?
> Joachim

Yes, just like some of the examples that float around here of people
defining whole methods in class_eval (sometimes several methods, in fact)
you can indeed do that. (And I just tested and you can load/require files
too)

Be aware though that by using Kernel::eval on user input, your user can
also sleuth around and hack his way into the program you have written, so
you should be very careful about using this anywhere where security is
critical.

You should also be very careful about running eval in a context where
there are exposed functions that could interfere with your user's intended
meaning for his code.

I'd suggest looking at how IRB works, and then replicating its guts to
provide a relatively safe and clean execution environment. (Or use parts
of the IRB setup, but not the front command shell.) In particular, I think
the tricks are in irb/workspace.rb

--Ken Bloom

-- 
Ken Bloom. PhD candidate. Linguistic Cognition Laboratory.
Department of Computer Science. Illinois Institute of Technology.
http://www.iit.edu/~kbloom1/
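
The scoping point in the reply above, as an added example that is not part of the original post and is not IRB's code: `eval` in the host's own scope versus a dedicated binding that persists user state between calls. `Host`, `CleanWorkspace`, `demo` and the token value are hypothetical names and constructed data.

```ruby
# Added illustration; all names and values here are constructed.
class Host
  def naive_eval(src)
    api_token = "constructed-sample-token" # host-side local, not meant for the user
    eval(src) # runs in this method's binding: sees api_token and self
  end

  private

  def shutdown!
    :host_shutdown
  end
end

# A dedicated evaluation context: a fresh object's binding, created in a
# method with no locals, so user code sees none of the host's variables
# or private methods. Locals and methods the user defines persist across
# calls because the same Binding object is reused.
class CleanWorkspace
  def initialize
    @binding = Object.new.instance_eval { binding }
  end

  def evaluate(src)
    @binding.eval(src, "(workspace)")
  end
end

def demo
  host = Host.new
  ws = CleanWorkspace.new
  ws.evaluate("x = 21")
  ws.evaluate("def double(n) n * 2 end")
  {
    naive_local:   host.naive_eval("api_token"),  # host local is readable
    naive_private: host.naive_eval("shutdown!"),  # host private method is callable
    ws_local:      ws.evaluate("defined?(api_token)"),
    ws_private:    ws.evaluate("respond_to?(:shutdown!, true)"),
    ws_state:      ws.evaluate("double(x)"),      # user state persists
    # Namespace isolation only: global constants stay reachable, and the
    # code still runs with the full privileges of the process.
    ws_constant:   ws.evaluate("defined?(Host)")
  }
end

demo.each { |name, value| puts "#{name}: #{value.inspect}" } if $PROGRAM_NAME == __FILE__
```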