What specifically are the dangers of eval(parse(...))?


Question

On how to avoid using eval(parse(...)):

  • r-evalparse-is-often-suboptimal
  • avoiding-the-infamous-evalparse-construct

Which sparks the questions:

  • Why specifically should eval(parse()) be avoided?
  • And most importantly, what are the dangers?
    • Are there any dangers if the code is not used in production? (I'm thinking, any danger of getting back unintended results. Clearly if you are not careful about what you are parsing, you will have issues. But is that any more dangerous than being sloppy with get()?)

Recommended answer

Most of the arguments against eval(parse(...)) arise not because of security concerns, after all, no claims are made about R being a safe interface to expose to the Internet, but rather because such code is generally doing things that can be accomplished using less obscure methods, i.e. methods that are both quicker and more human parse-able. The R language is supposed to be high-level, so the preference of the cognoscenti (and I do not consider myself in that group) is to see code that is both compact and expressive.

So the danger is that eval(parse(..)) is a backdoor method of getting around lack of knowledge and the hope in raising that barrier is that people will improve their use of the R language. The door remains open but the hope is for more expressive use of other features. Carl Witthoft's question earlier today illustrated not knowing that the get function was available, and the question he linked to exposed a lack of understanding of how the [[ function behaved (and how $ was more limited than [[). In both cases an eval(parse(..)) solution could be constructed, but it was clunkier and less clear than the alternative.
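An added illustration of the alternatives the answer names (not part of the original question or answer): the same lookups written with eval(parse(...)) and with get() and [[, followed by what each does when the string is not a plain name. The data frame, variable names and input strings are constructed for this example.

```r
# Constructed sample data; all names here are assumptions for illustration.
df <- data.frame(height = c(150, 160, 170), weight = c(50, 60, 70))
threshold <- 42

# 1. Looking up an object by a name held in a string.
var_name <- "threshold"
via_eval <- eval(parse(text = var_name))   # builds code from text, then evaluates it
via_get  <- get(var_name)                  # plain lookup by name
stopifnot(identical(via_eval, via_get))

# 2. Selecting a column by a name held in a string.
col_name <- "weight"
col_eval <- eval(parse(text = paste0("df$", col_name)))
col_idx  <- df[[col_name]]                 # [[ accepts a character value; $ takes its argument literally
stopifnot(identical(col_eval, col_idx))

# 3. What happens when the string is not a plain name.
# eval(parse()) treats the string as code and runs whatever expression it holds;
# get() and [[ only ever treat it as a name.
odd_input <- "threshold <- 0"              # constructed input: an assignment, not a name
scratch <- new.env()
assign("threshold", 42, envir = scratch)

eval(parse(text = odd_input), envir = scratch)
stopifnot(get("threshold", envir = scratch) == 0)   # value silently overwritten

assign("threshold", 42, envir = scratch)
res <- tryCatch(get(odd_input, envir = scratch),
                error = function(e) "lookup failed")
stopifnot(identical(res, "lookup failed"))          # no object has that name
stopifnot(get("threshold", envir = scratch) == 42)  # value untouched

# With [[ an unknown column name simply yields NULL.
stopifnot(is.null(df[[odd_input]]))
```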
