Well, yeah, good progress, many adornments now line the fuzzy coat of Mr. F. F. Snadbox. We’ll draw our gaze to that plastic patch buttoned onto one of the extra buttons of his sleeve. It says extern rb_global_tbl (Audience Compulsion Favorite 2006.)

Here’s the deal: the sandbox won’t be completely safe under 1.8.4 and previous. That’s okay, you’ll still have chance to do some of the neat namespacing tricks. However, it won’t be safe for running untrusted code.

Why not? Well, the global variables will be shared between all sandboxes in 1.8.4. Also, some classes (specifically: MatchData, RegexpError and NameError::message) expose the main namespace. Matz has now given FreakyFreaky some access to swap these out for 1.8.5.

So Sandbox.new will work under both Ruby versions. But Sandbox.safe will only work under 1.8.5.

Anyway, here’s a rundown of the enhancements over the last day:

• Sandbox imports singletons and constants for the core classes.
• Added Regexp, Range to the core.
• Fixed obvious problems with GC and the swapping tables. (The previous symbol table is saved in kit->banished now.)
• Sandbox.load can be used to load files into the sandbox. (s = Sandbox.new; s.load('pascal.rb'); puts s.eval('pascal(10)'))

You know, RubyQuiz is such a great place to get test scripts for this kind of thing.