I came across this code from a remoting function (clojurescriptone) where the data sent back from the browser is being read. My question is: what is the significance of setting *read-eval* to false?
(binding [*read-eval* false] (read-string data))
Thanks,
Murtaza
It is a security measure so the browser cannot send code to be executed in the server. For example, if the client/browser sends "#=(eval (System/exit 1))" and *read-eval* is true, the server process will exit, which is probably something that you don’t want.
See the difference of behaviour:
Also see the docs on *read-eval*.
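An added example, not part of the original posts, comparing how the reader treats a `#=` form under both `*read-eval*` settings and under `clojure.edn/read-string`, which the Clojure docs recommend for data from untrusted sources. The `untrusted` and `plain-data` strings and the `try-read` helper are constructed for illustration, and a harmless arithmetic form stands in for the payload.

```clojure
(require '[clojure.edn :as edn])

;; Constructed sample input standing in for data received from the browser.
;; The #= reader macro asks the reader to evaluate the form while reading.
(def untrusted "#=(+ 1 2)")

;; Constructed sample of ordinary data with no reader-eval form in it.
(def plain-data "{:action \"save\" :id 42}")

(defn try-read
  "Hypothetical helper: applies read-fn to s and returns the value read,
  or [:rejected message] when the reader throws."
  [read-fn s]
  (try
    (read-fn s)
    (catch Exception e
      [:rejected (.getMessage e)])))

;; 1. *read-eval* true (the default): the embedded form is evaluated
;;    as a side effect of reading, before any application code sees it.
(println "read-eval true: "
         (binding [*read-eval* true] (try-read read-string untrusted)))

;; 2. *read-eval* false: the reader refuses the #= form and throws,
;;    so nothing is evaluated.
(println "read-eval false:"
         (binding [*read-eval* false] (try-read read-string untrusted)))

;; 3. clojure.edn/read-string has no #= support at all and ignores
;;    *read-eval*; it only ever produces data.
(println "edn, #= form:   " (try-read edn/read-string untrusted))
(println "edn, plain data:" (try-read edn/read-string plain-data))
```

Even with `*read-eval*` bound to false, the docstring for `clojure.core/read` says it should only be used with trusted sources, so `clojure.edn` is the better fit for browser-supplied data.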