If you are allowing arbitrary Smalltalk to be shipped in via HTTP, then I would worry about some wiseguy writing malicious code in the block ...
Dale

On Mon, Jul 14, 2014 at 8:19 AM, Norbert Hartl <norb...@hartl.name> wrote:

> I was looking for a solution where I can have a textual grammar for a DSL
> in order to specify filters on objects. I didn't really search the net
> because I know a cute little DSL for that already. It is called Smalltalk,
> you might have heard of it.
>
> So what I do is put the filter spec into the image via an HTTP
> interface, materialize the filter in the image and store it in a database to
> have them survive image restart. A filter spec could look like this:
>
>     [ :value | ( self sectionLabelOf: value ) = 'device' ]
>
> I want to know if there is any trouble to expect if I'm using plain block
> syntax for that task. As the blocks are injected using an HTTP interface,
> there is no environment/context problem. I would have some helper class as
> a facade to ease the filtering; let's call it
>
>     FilterHelper (would have a class side method #sectionLabelOf:)
>
> So getting the block code via HTTP I could do
>
>     block := Smalltalk compiler
>         evaluate: request contents
>         for: FilterHelper
>         logged: false
>
> And I would serialize it into a database as a string again, doing
>
>     self store: block sourceNode formattedCode
>
> Are there any possible drawbacks to using it this way?
>
> thanks,
>
> Norbert
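
One way to narrow the risk raised in the reply above is to parse the submitted spec and check its AST against an allowlist before it ever reaches `Smalltalk compiler evaluate:`. This is an added example for a Pharo playground, not code from either poster; the selector allowlist, the `validate` block and the second sample spec are assumptions constructed for illustration.

```smalltalk
"Added example: allowlist check on a filter spec before it is compiled.
 allowedSelectors and the sample specs are constructed, not from the thread."
| allowedSelectors validate specs |

"Only these messages may appear anywhere in a filter spec (assumption)."
allowedSelectors := #( #sectionLabelOf: #= #~= #and: #or: #not ).

validate := [ :source | | ast names ok |
    "A syntax error yields nil instead of opening a debugger."
    ast := RBParser parseExpression: source onError: [ :msg :pos | nil ].
    (ast notNil and: [ ast isBlock ])
        ifFalse: [ false ]
        ifTrue: [
            "Variables may only be 'self' or a block argument, so globals,
             thisContext, super and temporaries are all refused."
            names := Set with: 'self'.
            ast nodesDo: [ :n |
                n isBlock ifTrue: [
                    n arguments do: [ :a | names add: a name asString ] ] ].
            ok := true.
            ast nodesDo: [ :n |
                n isMessage
                    ifTrue: [ ok := ok and: [ allowedSelectors includes: n selector ] ]
                    ifFalse: [
                        n isVariable
                            ifTrue: [ ok := ok and: [ names includes: n name asString ] ]
                            ifFalse: [
                                "Any other node kind (assignment, cascade, return,
                                 dynamic array, ...) is refused by default."
                                ok := ok and: [
                                    n isBlock or: [ n isSequence or: [ n isLiteralNode ] ] ] ] ] ].
            ok ] ].

specs := {
    '[ :value | ( self sectionLabelOf: value ) = ''device'' ]'.  "spec from the thread"
    '[ :value | Object subclasses ]'.  "constructed: global plus unlisted selector"
    '[ :value | ' }.                   "constructed: does not parse"

"Pair each spec with the validator's verdict; only specs that pass would be
 handed to: Smalltalk compiler evaluate: ... for: FilterHelper logged: false"
specs collect: [ :each | each -> (validate value: each) ]
```

The check is only as strong as the methods `FilterHelper` exposes under the allowed selectors, so the facade itself has to stay free of anything with side effects.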