6 Feb
2009
6 Feb
'09
1:13 p.m.
On Wed, Feb 4, 2009 at 4:56 PM, Gwern Branwen
Now, to implement it, I would probably say to myself, "well, we'll create a temporary file, we'll write some basic imports into it, then we'll write the user's expression into it as the definition of a function 'foo', and main will be defined as 'main = renderFile foo'. Then we use 'runhaskell' on the temporary file to create the picture, delete the temp file, and bob's your uncle."
Except of course there's nothing to prevent DoS attacks or other exploits in the arbitrary code. So do we accept this and say that this is a plugin one uses at one's own risk?
Hackage contains some packages for that sandboxing, like mueval which is now used by lambdabot on #haskell I believe. -- Jedaï