Sandbox.set
Okay, well, a year later… David Stevenson offered a patch on the mailing list for freakyfreaky which adds a method for setting variables inside the Sandbox. This got expanded a bit and has become Sandbox.set
!
>> box = Sandbox.safe
>> box.set "radish", "`,"
>> box.eval "radish"
=> "`,"
And the object_ids for the two strings are different. Meaning: it got marshalled in.
However, it’s also smart about passing references in and out.
>> class Katsuhito; end
>> box.ref Katsuhito
>> k = Katsuhito.new
=> (Katsuhito:0xb7d1dce4)
>> box.set "k", k
>> k.class.ancestors
=> [Katsuhito, Object, Kernel]
>> box.eval "k.inspect"
=> "(Katsuhito:0xb7d1dc6c)"
>> box.eval("k.class.ancestors.inspect")
=> "[Katsuhito, BoxedClass, Object, Kernel]"
>> box.eval "k"
=> (Katsuhito:0xb7d1dce4)
This is a bit twisted to look through, but anyway. We’re dealing with two variables here named k
. The original k
is outside the sandbox. And the second is set
inside.
The original k
is the real thing. You can see its ancestry is intact. But the k
inside the sandbox is descended from BoxedClass. Meaning its just an empty proxy class. More on this at RedHanded.
Oh, and the last line. When k
is passed back to the main environment, we get back the original k
object!
Blueberry
That is pretty darn funky!
zimbatm
_why, are the last ruby patches integrated in the ruby source ? I think they’ll release a version soon.
misuba
This gets us way, way closer to that dream of the sandbox wiki where the world writes your web application for you. Kudos!
MenTaLguY
_why, have you gotten any of my recent emails regarding updating/moving the hobix.com website? If you’ve replied, I didn’t get them. If you’d tried before and the email didn’t get through, please drop me a line with my comment form at least so I know what’s going on.
I don’t particularly want to fork the project, but if there’s no way I can get the official site updatable, I will. People are upset about the out-of-date and incomplete stuff on the site, and I don’t want to deal with it anymore if I can’t do something about it.
Evan
Do you know about http://www.c-jump.com/ just asking.
Comments are closed for this entry.