| ▲ | bccdee 4 hours ago | |||||||
That's a bad thing, though. You should not be `eval`-ing your config file, much less untrusted messages. | ||||||||
| ▲ | attila-lendvai 3 hours ago | parent | next [-] | |||||||
you don't need to call eval for the usual config file setup, only read. (but you often get something much better when config files are plain lisp code; i.e. they are eval'ed, assuming that the threat model allows it) | ||||||||
| ▲ | evdubs 4 hours ago | parent | prev [-] | |||||||
I am not so sure how it works, but you can define your own evaluation handler for `eval` which, I assume, can be as restrictive as you need if you're dealing with untrusted data. | ||||||||
| ||||||||