If *you* are the wiseguy, then Smalltalk is a pretty powerful internal DSL:)

Dale


On Mon, Jul 14, 2014 at 9:09 AM, Dale Henrichs <
dale.henri...@gemtalksystems.com> wrote:

> If you are allowing arbitrary Smalltalk to be shipped in via HTTP, then I
> would worry about some wiseguy writing malicious code in the block ...
>
> Dale
>
>
> On Mon, Jul 14, 2014 at 8:19 AM, Norbert Hartl <norb...@hartl.name> wrote:
>
>> I was looking for a solution where I can have a textual grammar for a DSL
>> in order to specify filters on objects. I didn't really search the net
>> because I know a cute little DSL for that already. It is called smalltalk,
>> you might have heard of it.
>>
>> So what I do is putting the filter spec into the image via an http
>> interface, materialize the filter in image and store it in a database to
>> have them survive image restart. A filter spec could look like this
>>
>> [ :value | ( self sectionLabelOf: value ) = 'device'  ]
>>
>> I want to know if there is any trouble to expect if I'm using plain block
>> syntax for that task. As the blocks are injected using an http interface
>> there is no environment/context problem. I would have some helper class as
>> a facade to ease the filtering let's call it
>>
>> FilterHelper (would have a class side method #sectionLabelOf:)
>>
>> So getting the block code via HTTP I could do
>>
>> block := Smalltalk compiler
>>         evaluate: request contents
>>         for: FilterHelper
>>         logged: false
>>
>> And I would serialize it into a database as a string again doing
>>
>> self store: block sourceNode formattedCode
>>
>>  Are there any possible drawbacks using it this way?
>>
>> thanks,
>>
>> Norbert
>>
>>
>>
>

Reply via email to