Re^4: embedding a safe unescapable mini perl interpreter?

ok. thanks everybody.

it looks like this is going to be a lot more effort than I thought it would be. pity and surprising. there should be a complete set of everything that can 'escape' into the sandbox---backquotes, system(), fopen(), etc.---or, better yet, a complete set of features known not to escape. all I wanted is a clear subset with string manipulation, numerical functions, STDOUT, and basic variables, and a set of functions I would enumerate as 'safe'. if that had existed, I could have sanitized the first user input, and then passed it to 'eval'. it may still be simpler to do this than to write my own little language.

next, I will check out SafeEval, as described in http://www.daniweb.com/software-development/perl/code/216821

Comment on Re^4: embedding a safe unescapable mini perl interpreter?

Replies are listed 'Best First'.
Re^5: embedding a safe unescapable mini perl interpreter? by Anonymous Monk on Jan 01, 2012 at 06:06 UTC
... Funny :) I don't get it :) What is the problem with using Template (without EVAL_PERL) or Inline::Lua? Or javascript (with http://www.adsafe.org/ )? Have you heard of Safe, Safe::Hole?	[reply]