lllyasviel / Omost

Your image is almost there!
Apache License 2.0

avoid `exec` and interpret code manually #29

Open rsl8 opened 4 weeks ago

rsl8 commented 4 weeks ago

(I leave it marked as a draft and please treat it as pseudocode illustrating the concept. Without an environment suitable to test it, I haven't called it even once and the code very likely contains silly errors.)

The current approach using exec is not safe and would require a sandbox. However, because the models generate such simple and repeatable code, it seems that it would be sufficient to interpret it manually.

So, as long as the code is limited to first calling the constructor of Canvas and binding the instance to any name, and then performing on it a sequence of calls of methods defined in CanvasBase, with values of arguments limited to literals, it should do the job.
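
An added sketch of the allowlist interpreter described above, written for this page and not taken from the PR or from Omost. The `Canvas`/`CanvasBase` classes here are recording stand-ins, their method names are assumptions, and `SAMPLE` is constructed input.

```python
import ast

class CanvasBase:  # stand-in for illustration, not the project's class
    def __init__(self):
        self.calls = []
    def set_global_description(self, **kwargs):  # method names are assumptions
        self.calls.append(("set_global_description", kwargs))
    def add_local_description(self, **kwargs):
        self.calls.append(("add_local_description", kwargs))

class Canvas(CanvasBase): pass

# Allowlist: public methods defined on CanvasBase only (no dunders).
ALLOWED = {n for n, v in vars(CanvasBase).items()
           if callable(v) and not n.startswith("_")}

def literal_args(call):
    # literal_eval accepts literal nodes only; a name or a call such as
    # __import__('os') raises ValueError instead of being evaluated.
    if any(k.arg is None for k in call.keywords):
        raise ValueError("**kwargs unpacking is not allowed")
    return ([ast.literal_eval(a) for a in call.args],
            {k.arg: ast.literal_eval(k.value) for k in call.keywords})

def interpret(source):
    body = ast.parse(source).body
    first = body[0] if body else None
    if not (isinstance(first, ast.Assign) and len(first.targets) == 1
            and isinstance(first.targets[0], ast.Name)
            and isinstance(first.value, ast.Call)
            and isinstance(first.value.func, ast.Name)
            and first.value.func.id == "Canvas"
            and not first.value.args and not first.value.keywords):
        raise ValueError("first statement must be `<name> = Canvas()`")
    name, canvas = first.targets[0].id, Canvas()
    for stmt in body[1:]:
        call = stmt.value if isinstance(stmt, ast.Expr) else None
        if not (isinstance(call, ast.Call)
                and isinstance(call.func, ast.Attribute)
                and isinstance(call.func.value, ast.Name)
                and call.func.value.id == name
                and call.func.attr in ALLOWED):
            raise ValueError(f"line {stmt.lineno}: statement not allowed")
        args, kwargs = literal_args(call)
        getattr(canvas, call.func.attr)(*args, **kwargs)  # never exec/eval
    return canvas

# Constructed sample of model output, for illustration only.
SAMPLE = ("canvas = Canvas()\n"
          "canvas.set_global_description(description='a cat', tags='cat')\n"
          "canvas.add_local_description(location='center', distance=1.0)\n")
```

Anything outside the two permitted statement shapes (imports, other calls, attribute chains, non-literal arguments) is rejected with `ValueError` before any method runs on it.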