Closed mauro-oto closed 11 years ago
Thank you sincerely for helping out this code base. This code is actually the 2.0 version of try ruby.
Code School never open sourced their version of Try Ruby (aka the version that actually resolves at tryruby.org).
However, I have seriously considered (since I still own the domain name tryruby.org) relaunching try ruby. Your changes would have an impact then.
If anyone else is up for it, I wouldn't mind entertaining the idea of a Try Ruby running a Ruby 2.0 version. The Code School version is actually using JRuby. You can verify this by typing RUBY_PLATFORM.
In order to do so, there would have to be a bit of cleanup done on this code base.
Presently the legacy version of Try Ruby depends too heavily on SAFE being secure. It is not.
Also, I tried to make this rack based once and failed horribly. This was the original reason for reaching out to EnvyLabs in the first place a few years back.
Last, I am using CGI.new rather than rack. If these factors could be overcome, I would A) be tremendously grateful and B) seriously consider a proper relaunch of TryRuby.org
Oh, I didn't realize this wasn't the Try Ruby currently online.
Isn't it possible to use a SAFE level of 4? Or is that too restrictive?
Also, it might be worth checking this gem out, but I'm not sure how adaptable that could be.
Too restrictive is the wrong word. It would kill interactivity, but SAFE as a Ruby method has been shown to have problems.
I can't find the canonical/reference article talking about exactly why SAFE is a bad idea, but it is notable that exploits with and involving SAFE come up all the time.
This one being from December. http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
Although, I do have to admit, TryRuby from 2009-2011 was never compromised due to any of the code involving SAFE. It was other things that caused it problems.
Also, it's been proposed to deprecate and/or drop SAFE from Ruby: https://bugs.ruby-lang.org/issues/5455#change-25609
That's a fascinating library. It seems to operate on a permissions-are-whitelisted principle. I'd need to look into this library a bit further. It looks like a promising starting point.
The real question with that gem you referenced is whether evalhook is a reasonable library: https://github.com/tario/evalhook/
I'm looking into that now.
I've updated all ruby-doc links as the anchors were no longer working, as reported by peterkokot here: https://github.com/Sophrinix/TryRuby/issues/164
The pickaxe links and a few other older links could also be updated in the future as some are broken.