Subject: Re: What makes different things lispy or unlispy?
From: rpw3@rpw3.org (Rob Warnock)
Date: Thu, 25 Jun 2009 21:36:49 -0500
Newsgroups: comp.lang.lisp
Message-ID: <o_idndNejMXcqdnXnZ2dnUVZ_rCdnZ2d@speakeasy.net>
Pascal J. Bourguignon <pjb@informatimago.com> wrote:
+---------------
| The problem with strings is that you're in danger of code injection.
| Assume I write a macro (insert-index ".apples[" index "].taste") whose
| purpose is to build a 'form' with the index evaluated and inserted.  If
| the index evaluates to a string such as "0];shell(\"rm -rf /\");x",
| instead of a number you may well generate:
| 
|    ".apples[0];shell(\"rm -rf /\");x.taste" [*]
+---------------

Ahhh yezzz... And let us never forget Little Bobby Tables:

    http://xkcd.com/327/
    Exploits of a Mom


-Rob

-----
Rob Warnock			<rpw3@rpw3.org>
627 26th Avenue			<URL:http://rpw3.org/>
San Mateo, CA 94403		(650)572-2607
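As an added illustration (not part of Rob's or Pascal's posts): the injection from the quoted paragraph in Common Lisp, with a string-splicing expansion beside a backquote expansion of the same template. APPLES, TASTE, AREF and the PROGN wrapper are stand-ins for the `.apples[i].taste` access in the quoted post, and the smuggled call is a harmless PRINT.

```lisp
;; Added example, not from the thread.  Both functions stand in for the
;; expansion step of the macro Pascal describes: given the value of INDEX,
;; produce the form that reads element INDEX of APPLES and takes its TASTE.

(defun unsafe-index-form (index)
  "Build the form as text and re-read it, as a string-splicing macro would.
Whatever INDEX prints as is pasted into the source, so a string-valued
INDEX can close the open parens and continue with code of its own."
  (let ((*read-eval* nil))          ; blocks #. but not structural injection
    (read-from-string
     (format nil "(progn (taste (aref apples ~A)))" index))))

(defun safe-index-form (index)
  "Build the form as data.  INDEX is inserted as one leaf of the list; a
string value stays a string literal and is never re-read as code."
  `(progn (taste (aref apples ,index))))

(defun operators (form)
  "Operator symbols of FORM and its subforms, depth-first: a quick way to
check whether a generated form contains calls the template did not have."
  (when (consp form)
    (cons (car form) (mapcan #'operators (cdr form)))))

;; Constructed index value that closes the template's parens and smuggles
;; in a call (a harmless PRINT here; the quoted post uses rm -rf).
(defparameter *crafted-index*
  "0)) (print :injected) (taste (aref apples 0")

;; A numeric index expands the same way in both versions.
(operators (unsafe-index-form 3))
(operators (safe-index-form 3))

;; The crafted string only changes the code when it is spliced as text.
(operators (unsafe-index-form *crafted-index*))
(operators (safe-index-form *crafted-index*))
```

Comparing the two operator lists for `*crafted-index*` shows PRINT only in the string-spliced expansion; the backquote expansion carries the whole string as a single AREF argument, which fails with a type error at run time instead of running extra code.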