On Fri, Feb 6, 2009 at 1:13 PM, Chaddaï Fouché <[email protected]> wrote: > On Wed, Feb 4, 2009 at 4:56 PM, Gwern Branwen <[email protected]> wrote: >> >> Now, to implement it, I would probably say to myself, "well, we'll >> create a temporary file, we'll write some basic imports into it, then >> we'll write the user's expression into it as the definition of a >> function 'foo', and main will be defined as 'main = renderFile foo'. >> Then we use 'runhaskell' on the temporary file to create the picture, >> delete the temp file, and bob's your uncle." >> >> Except of course there's nothing to prevent DoS attacks or other >> exploits in the arbitrary code. So do we accept this and say that this >> is a plugin one uses at one's own risk? > > Hackage contains some packages for that sandboxing, like mueval which > is now used by lambdabot on #haskell I believe.
Yes, I'm familiar with mueval, but it may not be the right approach in this case (quite aside from the fact that a fair number of changes would be necessary). See my comment on the Pandoc issue: http://code.google.com/p/pandoc/issues/detail?id=102#c9 -- gwern _______________________________________________ Haskell-Cafe mailing list [email protected] http://www.haskell.org/mailman/listinfo/haskell-cafe
