Clojure

GC Issue 34: A Lisp reader without access to EvalReader()

Details

  • Type: Defect Defect
  • Status: Closed Closed
  • Resolution: Completed
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: None
  • Labels:
    None

Description

Reported by dresweng...@dreish.org, Jan 06, 2009
Like any good Lisp, Clojure can compile and run code while reading, read and compile code while 
running, and read and run code while compiling.

Unfortunately that means it isn't safe for an application to use (read) to read something from an 
untrusted source. If the input stream contains, e.g., #=(eval (def core-app-function #(throw 
(Exception.)))), the application would blow up.

Feature request is for a version of the reader that has #= shut off, for reading untrusted data.

(Discussion was on #clojure; rhickey asked me to add this, so there's no Google Group discussion 
that I'm aware of.)
Comment 1 by christophe.grand, Jan 17, 2009
the aforementioned discussion: http://clojure-log.n01se.net/date/2009-01-06.html#18:41c
Comment 2 by the.stuart.sierra, Feb 18, 2009
Common Lisp has *read-eval*:
http://www.lispworks.com/documentation/HyperSpec/Body/v_rd_eva.htm

A similar flag might be an easy way to implement a "safe" reader.
Comment 3 by jhawk28, Mar 17, 2009
adds the *read-eval*
 Issue 34.patch.txt
2.1 KB Download
Comment 4 by richhickey, Apr 12, 2009
Patch applied - r1347 - thanks!
Status: Fixed

People

  • Assignee:
    Unassigned
    Reporter:
    Anonymous
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: