Wes Gamble
2006-Dec-04 20:26 UTC
View: @object.send(''method'') vs. eval("@object.method")
All,
I have a view component that I would like to generalize.
What are the practical differences (if any) between using
@object.send(''xyz'')
and
eval("@object.xyz")
to dynamically get at an object''s attributes?
Thanks,
Wes
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Chris T
2006-Dec-04 21:04 UTC
Re: View: @object.send(''method'') vs. eval("@object.method")
Wes Gamble wrote:> All, > > I have a view component that I would like to generalize. > > What are the practical differences (if any) between using > > @object.send(''xyz'') > > and > > eval("@object.xyz") > > to dynamically get at an object''s attributes? > > Thanks, > Wes > >Short answer: The first is much better from a security point of view (image what @object.xyz could contain). If send doesn''t have enough functionality, investigate instance_eval: http://corelib.rubyonrails.org/classes/Object.html#M001079 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Wes Gamble
2006-Dec-04 21:50 UTC
Re: View: @object.send(''method'') vs. eval("@object.method")
In this particular case, I''m just using the eval to get at attributes
of
an object, so I have complete control over what is getting
"eval"''ed.
The reason I want to use eval is if I want to get at an attribute that
is embedded in a subordinate object.
I can specify that with x.y.z.attr and eval it
instead of
x.send(y).send(z).send(attr) or
x.instance_eval { @y.send(z).send(attr) } or other more verbose ways of
expressing "go get this attribute from somewhere in the object graph".
Wes
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Jonathan Viney
2006-Dec-05 01:07 UTC
Re: View: @object.send(''method'') vs. eval("@object.method")
Another option could be do define the [] method on the object to return the
result of running that method.
class MyClass
def [](method)
send(method)
end
end
That would make it less verbose:
x[y][z][attr]
But if you are 100% sure that what is being passed to eval is completely
safe, then using eval shouldn''t be a problem.
-Jonathan
On 12/5/06, Wes Gamble
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:>
>
> In this particular case, I''m just using the eval to get at
attributes of
> an object, so I have complete control over what is getting
"eval"''ed.
>
> The reason I want to use eval is if I want to get at an attribute that
> is embedded in a subordinate object.
>
> I can specify that with x.y.z.attr and eval it
>
> instead of
>
> x.send(y).send(z).send(attr) or
>
> x.instance_eval { @y.send(z).send(attr) } or other more verbose ways of
> expressing "go get this attribute from somewhere in the object
graph".
>
> Wes
>
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---