Capture the Trig Function from an Option Menu Button

Richard Gaskin ambassador at fourthworld.com
Sun Dec 9 16:03:02 EST 2012


Jim Hurley wrote:

 > But there is certainly a nice generic quality to Do.
 > "Never mind what, just Do it."

And in that lies one more reason to use "do" only with great care:

In areas where it may be affected by user inputs it can become an 
injection vulnerability.

The rest of the language is reasonably secure, but "do", "value", and 
the other dynamically-interpreted commands can be quite risky when mixed 
with incoming data, which is often when they're most valuable, so it may 
help to be mindful of this and include sanitizing error checks on any 
strings sent to such commands.


Related:
<http://xkcd.com/327/>

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for Desktop, Mobile, and Web
  ____________________________________________________________
  Ambassador at FourthWorld.com        http://www.FourthWorld.com
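
The sanitizing checks described above, sketched for the option-menu case in this thread. This is an added example, not part of the original message or of anyone's posted script; the field names "Angle" and "Result" and the menu choices sin, cos and tan are assumptions.

```livecode
-- Script of a hypothetical option menu button (choices: sin, cos, tan).
-- Field names "Angle" and "Result" are assumed for illustration.

-- Unchecked form, shown for contrast: both the menu choice and the
-- field text reach the interpreter exactly as they arrived.
--    put value(pChosen & "(" & field "Angle" & ")") into field "Result"

on menuPick pChosen
   local tAngle
   put field "Angle" into tAngle

   -- Check 1: the operand must be a plain number, never an expression.
   if tAngle is not a number then
      answer "Please enter a numeric angle."
      exit menuPick
   end if

   -- Check 2: the function name must match a fixed allowlist exactly.
   -- The empty cases fall through to the shared branch.
   switch pChosen
      case "sin"
      case "cos"
      case "tan"
         -- Only a known function name and a verified number
         -- are ever handed to the dynamic evaluator.
         put value(pChosen & "(" & tAngle & ")") into field "Result"
         break
      default
         answer "Unsupported function."
   end switch
end menuPick
```

Checking against a list of allowed values, rather than trying to strip out bad characters, means anything unexpected is rejected before "value" or "do" ever sees it.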




