>>>>> "D" == Daniel Berger <djberg96 / attbi.com> writes:

D> Oh, and thanks Guy. Perhaps a cookbook entry?

 Not a cookbook entry but I'll say you why in this case eval is evil

 Imagine that you have this module

pigeon% cat hab.rb
module Hab
  def biv(attributes)
    attributes.each do |k, v|
      name = k.id2name
      instance_eval(<<-EOS)
        class << self
          attr_accessor :#{name}
        end
      EOS

      send("#{name}=", v)
    end
  end

end
pigeon% 

 because you find it usefull, you always use it and one day you'll write

pigeon% cat b.rb
#!/usr/bin/ruby
require 'hab'
class A
   include Hab
end

Thread.new do
   $SAFE = 3
   a = A.new
   a.biv(:aaa => 12)
   p a.aaa
end.join
pigeon% 

pigeon% b.rb
./hab.rb:5:in `instance_eval': Insecure operation - instance_eval (SecurityError)
        from ./b.rb:7:in `join'
        from ./b.rb:7
pigeon% 

 You have an usefull module, but this module is just useless because it
 can't be used with $SAFE = 3.

 Now rewrite it

pigeon% cat hab.rb
module Hab
  def biv(attributes)
    attributes.each do |k, v|
      type.send(:attr_accessor, k)
      send("#{k}=", v)
    end
  end

end
pigeon% 

pigeon% cat b.rb
#!/usr/bin/ruby
require 'hab'
class A
   include Hab
end

Thread.new do
   $SAFE = 3
   a = A.new
   a.biv(:aaa => 12)
   p a.aaa
end.join
pigeon%
 
pigeon% b.rb
12
pigeon% 

 This module do the same thing and it still work with $SAFE = 3. Each time
 that you use #eval means that you'll not be able to use your module with
 $SAFE = 3



Guy Decoux