[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Were there any practical implications by Hyperbole using `eval'?

From: Robert Weiner
Subject: Re: Were there any practical implications by Hyperbole using `eval'?
Date: Tue, 11 May 2021 20:09:31 -0400

We have not had any issues nor heard of any.  Since Hyperbole allows you to see what a button will do before activating it, if you use an unfamiliar button or button type, it is your responsibility to check it our before activating it in case you ever run into a malicious actor. 

On Tue, May 11, 2021 at 1:28 PM Jean Louis <bugs@gnu.support> wrote:
As I am using heavily `eval' in my rcd-template package for template
interpolation, and people complain, like I should minimize it, but I
have no other way around it, I would like to ask if there were ever
any practical negative consequences by Hyperbole using `eval'?

It is if I guess well, decades old package, but maybe I am wrong,
decades are passing quickly.

How I see it here, it is frequently used. Of course, it allows
execution of any Lisp _expression_ by various means.

But were there any problematic issues ever?

I believe that code is well written, and I don't refer to code, I
rather ask if anybody complained or if anything practical, like users'
data was reported to be destroyed by incorrect `eval'.

grep --color=auto -nH -e "(eval " *.el
hact.el:412:                   (eval (cons action args))
hact.el:413:                 (eval action))
hact.el:447:               (eval act)
hact.el:448:             (eval action))
hactypes.el:52:  (let ((result (eval bool-expr)))
hactypes.el:65:  (eval lisp-expr))
hargs.el:267:                 (eval not-quoted))
hargs.el:272:                 (eval not-quoted))
hargs.el:509:               (eval iform))
hbmap.el:97:                   (eval form)
hbut.el:655:    (eval `(ebut:program label actype ,@args))))))
hmail.el:118:  (eval expr)
hmouse-drv.el:845:              pred-value (eval pred))
hmouse-drv.el:849:               (eval hkey-action))
hmouse-drv.el:864:      (or (setq pred-value (eval (car hkey-form)))
hsmail.el:83:      (let ((comment (eval (or comment-form smail:comment))))
hui-mini.el:136:    (while (and show-menu (eval set-menu))
hui-mini.el:156:                              rtn (eval act-form))))))
hui-mini.el:185:    (while (and show-menu (eval set-menu))
hui-mouse.el:1476:  (eval lisp-form))
hui-window.el:867:                 (setq w1-ref (eval (cadr (assq major-mode hmouse-drag-item-mode-forms))))
hui-window.el:1239:          (eval (cdr (assoc (hyperb:window-system)
hui-window.el:1257:  (let ((y (eval (cdr (assoc (hyperb:window-system)
hycontrol.el:771:                   (eval expr))))
hycontrol.el:792:                            (not (eval (cons 'or (hycontrol-display-buffer-predicate-results buf)))))
hycontrol.el:795:                            (eval (cons 'or (hycontrol-display-buffer-predicate-results buf))))))
hycontrol.el:1683:                         ((eval predicate)
hypb.el:58:             (eval predicate)
hypb.el:326:      (eval (append
hyrolo-logic.el:127:      (setq total-matches (eval (read expr))))
hyrolo-logic.el:203:              (let ((result (eval sexp)))

I use:  Editor:      GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 1.17.4, Xaw3d scroll bars)

        Hyperbole:   8.0.0pre
        Sys Type:    x86_64-pc-linux-gnu
        OS Type:     gnu/linux
        Window Sys:  x
        News Reader: Gnus v5.13

Jean Louis

Take action in Free Software Foundation campaigns:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]