by dragonwriter 3188 days ago
> Either you have a dedicated expression parser, or you run it directly through eval. There is no reliable middle ground.

While there is no safe middle ground, using eval directly is the worst case; it's not a case where those extremes are reliable and there is greater danger in between.

That being said, rejecting everything that fails an expression parser is a form of sanitization.
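As an added illustration of the "dedicated expression parser" side of this exchange (example code written for this page, not from the thread's participants): the evaluator below uses Python's standard `ast` module to parse input as an expression and then walks the tree against an allowlist of node types, so anything outside plain arithmetic (names, calls, attribute access, strings, comprehensions) is rejected instead of being handed to `eval`. The `max_len` and exponent limits are assumptions of this example, chosen to keep parsing and arithmetic bounded.

```python
import ast
import operator

# Allowlisted operators. Anything not listed here is rejected by the walker.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}

# Assumed limits for this example: keep input and exponentiation bounded so a
# "valid" expression cannot be used to exhaust CPU or memory.
MAX_EXPR_LEN = 200
MAX_EXPONENT = 64


class RejectedExpression(ValueError):
    """Raised when the input contains anything outside the arithmetic grammar."""


def _eval_node(node):
    """Evaluate an AST node, accepting only numeric constants and arithmetic."""
    if isinstance(node, ast.Expression):
        return _eval_node(node.body)
    # bool is a subclass of int, so exclude it explicitly; complex is excluded too.
    if (isinstance(node, ast.Constant)
            and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left)
        right = _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise RejectedExpression("exponent exceeds allowed size")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Name, Call, Attribute, Subscript, strings, comparisons, lambdas, ... all end here.
    raise RejectedExpression(f"unsupported syntax: {type(node).__name__}")


def safe_eval(expr: str):
    """Parse `expr` as an arithmetic expression and evaluate it, or raise RejectedExpression."""
    if len(expr) > MAX_EXPR_LEN:
        raise RejectedExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as exc:
        # ValueError covers inputs the parser refuses outright (e.g. null bytes).
        raise RejectedExpression(f"not an expression: {exc}") from None
    return _eval_node(tree)


def rejects(expr: str) -> bool:
    """True if `expr` is refused by the parser/allowlist, False if it evaluates."""
    try:
        safe_eval(expr)
    except RejectedExpression:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: accepted arithmetic and rejected non-arithmetic.
    for sample in ["1 + 2 * 3", "-(4 ** 2) / 8", "x + 1", "abs(1)", "'a' * 3", "2 ** 10000"]:
        try:
            print(f"{sample!r:>22} -> {safe_eval(sample)}")
        except RejectedExpression as err:
            print(f"{sample!r:>22} -> rejected ({err})")
```

The design point is that the grammar is positive: the walker names the handful of node types it accepts and refuses everything else, which is what makes "reject everything that fails the parser" a sanitization step rather than a blocklist that has to anticipate each way `eval` could be reached.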