On Aug 17, 2009, at 14:34 , raiph mellor wrote:
However it seems we have to pay a price: each act of rendering a Pod file actually means executing the program that's being documented (at least the BEGIN blocks and other stuff that happens at compile time), with all the security risks implied. So we'll need a *very* good sandbox. Is that worth it?

From the spec: However, during parsing and initialization under K<-doc>, the interpreter only executes those C<BEGIN>, C<CHECK>, and C<INIT> blocks (and equivalents, such as C<use> statements and subroutine declarations) that are preceded by the special prefix: C<DOC>
Nonetheless, DOC INIT { system "rm -rf ." } (or etc.) would be unfortunate.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
system administrator [openafs,heimdal,too many hats] allb...@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
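An added example, not part of the message above or of any Perl 6 tooling: a line-based pre-render check that lists `DOC`-prefixed statements in a source file so they can be reviewed before the file is handed to a documentation renderer. The function names and the sample source are constructed for illustration; the scan is a heuristic that over-reports rather than a parser, and it does not replace sandboxing the renderer.

```python
import re

# Statement kinds the quoted spec text says are executed under the doc
# option when preceded by DOC: BEGIN, CHECK, INIT, plus "equivalents"
# such as use statements and subroutine declarations.
DOC_STMT = re.compile(r'\bDOC\s+(BEGIN|CHECK|INIT|use|sub)\b')
POD_BEGIN = re.compile(r'^\s*=begin\s+(\S+)')
POD_END = re.compile(r'^\s*=end\s+(\S+)')


def scan_doc_statements(source):
    """Return (line_number, kind, in_pod) for every DOC-prefixed statement.

    Matches inside =begin/=end Pod blocks are still reported, tagged
    in_pod=True, so a mistake in block tracking cannot hide real code.
    Matches in comments or strings are reported too (false positives are
    preferred over misses in a review gate).
    """
    findings = []
    pod_stack = []
    for lineno, line in enumerate(source.splitlines(), 1):
        begin = POD_BEGIN.match(line)
        if begin:
            pod_stack.append(begin.group(1))
            continue
        end = POD_END.match(line)
        if end:
            if pod_stack and pod_stack[-1] == end.group(1):
                pod_stack.pop()
            continue
        for m in DOC_STMT.finditer(line):
            findings.append((lineno, m.group(1), bool(pod_stack)))
    return findings


def needs_review(source):
    """DOC statements outside Pod blocks: code that rendering would run."""
    return [(n, kind) for n, kind, in_pod in scan_doc_statements(source)
            if not in_pod]


# Constructed sample input; the DOC INIT line is the one from the message.
SAMPLE = '''\
=begin pod
Use DOC INIT blocks sparingly.
=end pod
DOC use Some::Helper;
INIT { say "runtime only" }
DOC INIT { system "rm -rf ." }
sub f { ... }
'''

if __name__ == "__main__":
    for lineno, kind in needs_review(SAMPLE):
        print(f"line {lineno}: DOC {kind} runs at render time")
```
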