Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

.EVAL as a method call bypasses the MONKEY-SEE-NO-EVAL pragma #5468

Open
p6rt opened this issue Jul 20, 2016 · 4 comments
Open

.EVAL as a method call bypasses the MONKEY-SEE-NO-EVAL pragma #5468

p6rt opened this issue Jul 20, 2016 · 4 comments

Comments

@p6rt
Copy link

p6rt commented Jul 20, 2016

Migrated from rt.perl.org#128684 (status was 'open')

Searchable as RT128684$

@p6rt
Copy link
Author

p6rt commented Jul 20, 2016

From @zoffixznet

The EVAL as a sub shows an error message about MONKEY-SEE-NO-EVAL​:

m​: my $x = 'say "hello"'; EVAL "$x"
rakudo-moar 58dc8c​: OUTPUT«===SORRY!=== Error while compiling <tmp>␤EVAL is a very dangerous function!!! (use MONKEY-SEE-NO-EVAL to override,␤but only if you're VERY sure your data contains no injection attacks)␤at <tmp>​:1␤------> my $x = 'say "hello"'; EVAL "$x"…»

However, if the method form of EVAL is used, no such error is generated​:
m​: my $x = 'say "hello"'; "$x".EVAL
rakudo-moar 58dc8c​: OUTPUT«hello␤»

Expected behaviour​: both versions show the error.

--
Cheers,
ZZ | https://twitter.com/zoffix

@p6rt
Copy link
Author

p6rt commented Aug 2, 2016

@coke - Status changed from 'new' to 'open'

@ab5tract
Copy link

ab5tract commented Jan 6, 2023

We just ran into this again in discussion today. It's been working this way for so long that it's no longer clear whether it is unintentional or not.

Some weighing in from core devs on this could be useful.

@lizmat
Copy link
Contributor

lizmat commented Jan 7, 2023

I'm afraid changing it in 6.c / 6.d would break too much code in the wild.

I wouldn't be against needing the pragma for 6.e.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants