[Bug 9065] [XQ31ReqUC] eval()

https://www.w3.org/Bugs/Public/show_bug.cgi?id=9065

Adam Retter <adam@exist-db.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adam@exist-db.org

--- Comment #1 from Adam Retter <adam@exist-db.org> ---
Having had an eval(...) in our implementation for many years, it is actually
something I am working toward eliminating.

The problem with eval() is it opens you up to a raft of potential problems,
such as XQuery injection attacks etc. Perhaps that is more of an implementation
concern, but I just wanted to warn that eval() comes with downsides. We have
found that we have been able to eliminate a lot of our use-cases for eval with
higher-order functions and fn:function-lookup. We think that with a dynamic
module import facility we could eliminate even more of our use-cases for eval.


Received on Wednesday, 6 February 2013 09:12:01 UTC
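
The contrast described in the comment above, as an added example that is not part of the original message and is not eXist-db's own code: a caller-selected operation dispatched first by building source text for eval, then by fn:function-lookup with an allowlist and by passing a function item. It assumes eXist-db's util:eval as the eval in question and that the evaluated string sees the caller's functions and variables; the local:* functions, $allowed-ops and the sample input are constructed for illustration.

```xquery
xquery version "3.0";

declare namespace util = "http://exist-db.org/xquery/util";

(: Hypothetical operations that a caller may select by name. :)
declare function local:upper($s as xs:string) as xs:string {
  fn:upper-case($s)
};
declare function local:reverse($s as xs:string) as xs:string {
  fn:codepoints-to-string(fn:reverse(fn:string-to-codepoints($s)))
};

(: BEFORE: $op is spliced into source text and compiled, so whatever
   it contains is parsed as XQuery, not treated as a function name. :)
declare function local:apply-with-eval($op as xs:string, $arg as xs:string) {
  util:eval("local:" || $op || "($arg)")
};

(: AFTER (1): $op is only ever data. It is compared against an allowlist,
   turned into a QName and resolved to an existing function of arity 1. :)
declare variable $allowed-ops as xs:string+ := ("upper", "reverse");

declare function local:apply-with-lookup($op as xs:string, $arg as xs:string)
    as xs:string {
  if (not($op = $allowed-ops)) then
    fn:error(xs:QName("local:unknown-op"), "operation not allowed")
  else
    let $f := fn:function-lookup(
      fn:QName("http://www.w3.org/2005/xquery-local-functions", $op), 1)
    return
      if (fn:exists($f)) then $f($arg)
      else fn:error(xs:QName("local:unknown-op"), "no such function")
};

(: AFTER (2): higher-order function; trusted code passes the function
   item itself, so no name is resolved at run time at all. :)
declare function local:apply($f as function(xs:string) as xs:string,
                             $arg as xs:string) as xs:string {
  $f($arg)
};

(: Constructed input standing in for a request parameter. :)
let $op := "reverse"
return (
  local:apply-with-lookup($op, "abc"),
  local:apply(local:upper#1, "abc")
)
```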