So I have a database of different code samples (read snippets). The code samples are created by users. Is there a way in Rails to execute it?

So for example I have the following code in my database (with id=123):

return @var.reverse

Is there a way for me to execute it? Something like:

@var = 'Hello'
@result = exec(CodeSample.find(123))

So the result would be 'olleH'

+4  A: 

You can use eval:

code = '@var.reverse'
@var = 'Hello'
@result = eval(code)  # => "olleH"

But be very careful in doing so; you're giving that code full access to your system. Try out eval('exit()') and see what happens.

Pesto
Worked like magic. Yes, I understand that this is a security/usability issue. But this is a prototype for internal use only, and I also hope that there's a plugin that can do similar functionality but with "sandboxing", meaning letting me expose only certain Ruby functions or, even better, just a set of methods of a certain class. I guess it's a separate discussion ;-)
Zepplock
+3  A: 

To the eval answer (which is the right one) I would add: get thee a copy of the Pickaxe Book (either Programming Ruby or Programming Ruby 1.9 depending on your Ruby version) and read the chapter called "Locking Ruby in the Safe." That chapter is all about Ruby's safe levels and tainted objects, and the chapter opens with exactly your use case and why you need to be paranoid about it.

SFEley
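
The restriction asked for in the comment on the first answer (exposing only a set of methods of one class) can be had without eval at all; the following is an added example, not code from either answer. It uses an allowlist rather than safe levels because `$SAFE` was removed in Ruby 3.0. The `SafeSnippet` module, its `ALLOWED` list and the tiny `@var.method.method` grammar are assumptions made for this sketch.

```ruby
# Added example: run stored snippets without eval by parsing a tiny
# "@var.method.method" grammar and dispatching only allowlisted methods.
# SafeSnippet, ALLOWED and the grammar are assumptions made for this sketch.
module SafeSnippet
  class Rejected < StandardError; end

  # Zero-argument String methods a snippet may call; everything else is refused.
  ALLOWED = %w[reverse upcase downcase capitalize strip length].freeze

  # Optional "return", then @var followed by one or more ".name" or ".name()".
  # \A and \z anchor the whole string; ^ and $ would only anchor a single line
  # and let a second line of code slip past the check.
  GRAMMAR = /\A\s*(?:return\s+)?@var((?:\.[a-z_]+(?:\(\))?)+)\s*\z/

  def self.run(source, var)
    raise Rejected, "input must be a String" unless var.is_a?(String)
    match = GRAMMAR.match(source.to_s)
    raise Rejected, "not a method chain on @var: #{source.inspect}" unless match

    methods = match[1].scan(/\.([a-z_]+)/).flatten
    methods.reduce(var) do |value, name|
      raise Rejected, "method not allowed: #{name}" unless ALLOWED.include?(name)
      # After e.g. length the value is an Integer; keep the chain on String.
      raise Rejected, "#{name} called on #{value.class}" unless value.is_a?(String)
      value.public_send(name)
    end
  end

  # Same as run, but reports a refusal as a string instead of raising.
  def self.try(source, var)
    run(source, var)
  rescue Rejected => e
    "rejected: #{e.message}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample snippets, standing in for rows of the CodeSample table.
  ["return @var.reverse", "@var.strip.upcase", "exit()", "@var.instance_eval"].each do |src|
    puts "#{src.inspect} => #{SafeSnippet.try(src, ' Hello ').inspect}"
  end
end
```

The stored text is never handed to the interpreter: it is matched against the grammar and each method name is looked up in `ALLOWED` before `public_send` is called.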