如何根据名称动态调用方法? [英] How to call methods dynamically based on their name?
本文介绍了如何根据名称动态调用方法?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
当方法名称包含在字符串变量中时,如何动态调用该方法?例如:
How can I call a method dynamically when its name is contained in a string variable? For example:
class MyClass
def foo; end
def bar; end
end
obj = MyClass.new
str = get_data_from_user # e.g. `gets`, `params`, DB access, etc.
str #=> "foo"
# somehow call `foo` on `obj` using the value in `str`.
我该怎么做?这样做是否存在安全风险?
How can I do this? Is doing so a security risk?
推荐答案
你想做的事情叫做dynamic发送.在 Ruby 中这很容易,只需使用 public_send
:
What you want to do is called dynamic dispatch. It’s very easy in Ruby, just use public_send
:
method_name = 'foobar'
obj.public_send(method_name) if obj.respond_to? method_name
如果方法是私有/受保护的,请使用 send
代替,但更喜欢 public_send
.
If the method is private/protected, use send
instead, but prefer public_send
.
如果method_name
的值来自用户,这是一个潜在的安全风险.为了防止漏洞,您应该验证可以实际调用哪些方法.例如:
This is a potential security risk if the value of method_name
comes from the user. To prevent vulnerabilities, you should validate which methods can be actually called. For example:
if obj.respond_to?(method_name) && %w[foo bar].include?(method_name)
obj.send(method_name)
end
这篇关于如何根据名称动态调用方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文