Hey Rails folks--

I have a situation that would greatly benefit from allowing a user to submit code (Ruby) that could be executed by the site during the creation of new objects. Basically, it would allow the user the ability to provide code used for naming the objects from various fields and numbers.

Unfortunately, a simple substitution method will not work. There needs to be some way to actually execute the code.

Is there a way to sufficiently "jail" some Ruby code so that I can provide a hash to the user's code and receive back some string?

Jake

--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

Check out _why's Sandbox:
http://redhanded.hobix.com/inspect/freakyfreakyNowResumesItsUsualSandlySelf.html

On 12/1/06, Jake Janovetz <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hey Rails folks--
>
> I have a situation that would greatly benefit from allowing a user to
> submit code (Ruby) that could be executed by the site during the
> creation of new objects. Basically, it would allow the user the ability
> to provide code used for naming the objects from various fields and
> numbers.
>
> Unfortunately, a simple substitution method will not work. There needs
> to be some way to actually execute the code.
>
> Is there a way to sufficiently "jail" some Ruby code so that I can
> provide a hash to the user's code and receive back some string?
>
> Jake

--
Thanks,
-Steve
http://www.stevelongdo.com

Steve Longdo wrote:
> Check out _why's Sandbox:
> http://redhanded.hobix.com/inspect/freakyfreakyNowResumesItsUsualSandlySelf.html
>
> On 12/1/06, Jake Janovetz <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>> Unfortunately, a simple substitution method will not work. There needs

Hm. That looks like the ticket. So, this is basically an extension that runs the "eval" in a thread. I'm not quite sure I understand the contribution. (Note, it made me aware of the 'Thread' SAFE levels which can essentially sandbox an eval)

So, what is _why's contribution here? Is it the "autokill" stuff that is performed after a timeout? I'm just trying to understand the real differences between _why's sandbox and what I could already have done with Thread, $SAFE, and eval.

Jake

Actually it is more complicated than just SAFE. Sandbox pushes the level of the interpreter 'up' into another namespace so that core objects (e.g. Kernel) can't be hacked. Allowing for cool stuff like running multiple interpreters inside of a single Ruby process. Also it is written in C that extends/changes Ruby to make it happen.

Sandbox is now bundled into the Ruby distribution from 1.8.5+.

On 12/1/06, Jake Janovetz <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Steve Longdo wrote:
> > Check out _why's Sandbox:
> > http://redhanded.hobix.com/inspect/freakyfreakyNowResumesItsUsualSandlySelf.html
> >
> > On 12/1/06, Jake Janovetz <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> >> Unfortunately, a simple substitution method will not work. There needs
>
> Hm. That looks like the ticket. So, this is basically an extension
> that runs the "eval" in a thread. I'm not quite sure I understand the
> contribution. (Note, it made me aware of the 'Thread' SAFE levels which
> can essentially sandbox an eval)
>
> So, what is _why's contribution here? Is it the "autokill" stuff that
> is performed after a timeout? I'm just trying to understand the real
> differences between _why's sandbox and what I could already have done
> with Thread, $SAFE, and eval.
>
> Jake

--
Thanks,
-Steve
http://www.stevelongdo.com
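
The point about core objects in the last reply, as an added example that is not part of the thread and does not use _why's Sandbox extension: user naming code run with eval in a thread shares the host's core classes, while the same code run in a forked child leaves the host interpreter untouched. USER_CODE, the field names and all function names are constructed for illustration; a forked child isolates interpreter state only and still needs OS-level restrictions before it can be called a jail.

```ruby
require "timeout"

# Constructed user-submitted naming code: builds a name, but also reopens String.
USER_CODE = <<~'RUBY'
  class String
    def sandbox_probe; "core class modified"; end
  end
  "#{fields['prefix']}-#{fields['serial'].to_s.rjust(4, '0')}"
RUBY

# True once the host interpreter's String has been altered by user code.
def core_modified?
  "".respond_to?(:sandbox_probe)
end

# Thread + eval + timeout: user code shares the host's core classes.
def name_in_thread(code, fields, seconds = 2)
  scope = binding                      # exposes `fields` to the user code
  worker = Thread.new { eval(code, scope).to_s }
  worker.join(seconds) ? worker.value : (worker.kill; nil)
end

# Separate interpreter state via fork: changes die with the child process.
def name_in_child(code, fields, seconds = 2)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.write(eval(code, binding).to_s)
    writer.close
    exit!(0)
  end
  writer.close
  Timeout.timeout(seconds) { reader.read }
rescue Timeout::Error
  Process.kill("KILL", pid)            # the "autokill" step on timeout
  nil
ensure
  reader.close
  Process.wait(pid)
end

# Run the child first so the host is still unmodified when it is checked.
def compare(code, fields)
  child = [name_in_child(code, fields), core_modified?]
  { child: child, thread: [name_in_thread(code, fields), core_modified?] }
end

RESULT = compare(USER_CODE, { "prefix" => "INV", "serial" => 42 })
p RESULT
```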