Re: Snow Leopard osax security and 'run script' with parameters
Re: Snow Leopard osax security and 'run script' with parameters
- Subject: Re: Snow Leopard osax security and 'run script' with parameters
- From: has <email@hidden>
- Date: Sat, 9 Jan 2010 14:01:40 +0000
Stockly, Ed wrote:
>> To be fair, there are a few situations where dynamic code generation in AS
>> _is_ the best (or only) way to go.
>
> Many of the do shell script solutions ...
Many 'do shell script' solutions involve dynamic code generation, yes. As soon as you build up the shell script string by concatenating it with paths strings, etc, you have to consider what could happen if the shell script is wrongly formed. That's why it is so very important to sanitise all of your inputs (hint: 'quoted form of some_text' is your friend); forget, and anything could happen from an unexpected error to a hosed system when that script runs.
> ... and solutions using script objects posted on this list are, technically, examples of dynamic code generation.
No, not unless you're fabbing the source code for those objects on the fly, whether using 'run script "script ... end script"' as shown earlier, or using the command-line 'osacompile' tool, or even by scripting Script Editor itself. Once again, the same serious warnings about sanitising your inputs apply.
Using script objects as libraries or in object-oriented programming does not constitute dynamic code generation, however, so just the usual concerns about running any piece of pre-written code apply there.
Regards,
has
--
Control AppleScriptable applications from Python, Ruby and ObjC:
http://appscript.sourceforge.net
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden