README.md (1 addition & 1 deletion)
@@ -9,7 +9,7 @@ Parse strings to Julia types securely (types only, not typed data!).
9
9
Retrieving a type from a serialized string is a recurring task. Sometimes we can use Julia serialization, other times it is enough to store every serialized type in a dict, but if we want more flexibility, we need a parser. `eval()` solves the problem, but it has a huge cost: it is inherently insecure as it allows arbitrary code execution ([ACE on wikipedia](https://en.wikipedia.org/wiki/Arbitrary_code_execution)).
10
10
11
11
TypeParsers takes the easy route and internally uses `eval()`. To mitigate the security issue we validate the string before evaluation.
12
-
Validation is based on Tom Short's work: https://gist.github.com/tshort/3835660
12
+
Validation is based on Tom Short's work: https://gist.github.com/tshort/3835660 (check the [validation tests](https://github.com/Circo-dev/TypeParsers.jl/blob/master/test/runtests.jl))
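Review bot: the parenthetical added to the "Validation is based on Tom Short's work" line links to the tests through an absolute `blob/master/test/runtests.jl` URL, which will drift from this README's revision or break if the branch is renamed or the file moves; a repo-relative link or a commit permalink would stay accurate. Because the surrounding text says `eval()` is used internally and that validating the string is what mitigates the risk, consider also stating in one sentence here what the validator accepts and rejects, so readers do not have to infer the security guarantee from the test file.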