Funny, I was just playing with the Go language version of tryruby, which
also uses a sandbox.

I'm referring to how Rails generators as input are used to alleviate the
boilerplate code in CRUD operations. For example, the dynamic finders,
i.e. find_by_#{evaluated_string}, are most likely eval created.

I imagine putting the whole interpreter online must be a huge
security-conscious effort.

On Thu, May 5, 2011 at 3:58 PM, Josh Cheek <josh.cheek / gmail.com> wrote:
> On Thu, May 5, 2011 at 3:30 PM, Stu <stu / rubyprogrammer.net> wrote:
>
>> eval though is the root method it might be safer to use one of the
>> more focused wrapper methods such as class_eval, instance_eval and
>> define_method.
>>
>> ~Stu
>>
>>
> It's not clear to me how those are safer, I thought those just change
> contexts. For example, I can still call system (or do anything else, I would
> expect).
>
> Whatever = Class.new
> users_code = 'system "echo just doin the evils"'
> Whatever.class_eval users_code # >> just doin the evils
>
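
The point debated in this thread, as an added example that is not part of either poster's message: a dynamic finder built with string class_eval treats the attribute name as source code, while one built with a block treats it only as a name checked against a list. Record, ROWS, lookup and the helper names are assumptions made for the illustration; the sample rows and the hostile name are constructed.

```ruby
# Constructed sample data standing in for a table.
ROWS = [{ name: "stu",  email: "stu@example.test" },
        { name: "josh", email: "josh@example.test" }].freeze

class Record  # hypothetical model class
  ATTRIBUTES = %i[name email].freeze

  def self.lookup(key, value)
    ROWS.find { |row| row[key] == value }
  end

  # String form: the attribute name is pasted into Ruby source, so any code
  # embedded in the name is parsed and run in the class context.
  def self.finder_via_string_eval(attr)
    class_eval "def self.find_by_#{attr}(v); lookup(:#{attr}, v); end"
  end

  # Block form: the name is checked against an allow-list and is then used
  # only as a method name and a hash key, never as source text.
  def self.finder_via_define_method(attr)
    key = attr.to_s.to_sym
    raise ArgumentError, "unknown attribute: #{attr.inspect}" unless ATTRIBUTES.include?(key)
    define_singleton_method("find_by_#{key}") { |value| lookup(key, value) }
  end
end

# Returns true if the definer let code carried inside the name execute.
# The embedded code only sets a marker variable.
def name_executed_as_code?(definer)
  $marker = false
  hostile = 'x(v); end; $marker = true #'  # constructed input
  begin
    Record.public_send(definer, hostile)
  rescue ArgumentError, SyntaxError
    # rejected before anything was defined
  end
  $marker
end
```
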