by snprbob86 4996 days ago
As Groxx points out, yes, you need to sanitize input. It's pretty easy to return an error if the user input doesn't match a whitelisting regex. It can be as simple as /[a-z][a-z0-9]*/i.

However, in a Lisp, eval typically works on lists, not on strings. In effect, behaving like a parametric SQL query: a quotation mark or close paren or whatever in the string would be harmless.
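The two points in the comment, a whitelist check on the input and a query that binds the input as data rather than splicing it into the program text, side by side as an added example (not code from the comment or from any project it mentions). It uses Python's standard sqlite3 module; the users table, its rows and the sample names are constructed for the demo. The whitelist pattern is the one from the comment, applied with fullmatch so the entire value has to match.

```python
import re
import sqlite3

# Whitelist pattern from the comment; fullmatch below requires the whole
# value to match, so trailing or embedded punctuation is rejected.
IDENT_RE = re.compile(r"[a-z][a-z0-9]*", re.IGNORECASE)


def is_allowed_identifier(value: str) -> bool:
    """Return True only if the entire input matches the whitelist."""
    return IDENT_RE.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with a few sample users (demo data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """String-built query: the input becomes part of the SQL text itself,
    so a quote character changes how the statement parses."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the input is bound as a value, never parsed
    as SQL, so a quote character is just another character in the data."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def compare(name: str) -> dict:
    """Run the same lookup both ways and report what each one did.
    A parse failure in the concatenated form is reported as a string
    starting with 'error:' instead of raising."""
    conn = make_db()
    result = {"parameterized": lookup_parameterized(conn, name)}
    try:
        result["concatenated"] = lookup_concatenated(conn, name)
    except sqlite3.Error as exc:
        result["concatenated"] = f"error: {exc}"
    conn.close()
    return result


if __name__ == "__main__":
    for candidate in ["bob", "o'brien", "bob;"]:
        print(candidate, "allowed by whitelist:", is_allowed_identifier(candidate))
    print(compare("bob"))
    print(compare("o'brien"))
```

With the name o'brien the whitelist rejects it outright; if it reaches the query layer anyway, the concatenated statement fails to parse while the parameterized one simply finds the row, which is the "quotation mark in the string would be harmless" behaviour the comment describes.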