The Kernel#eval() method directly executes a string of Ruby code.
(1) The Kernel#binding() method captures the current scope and returns a Binding object that represents that complete scope.
(2) eval() accepts two parameters: the first is a code string and the second is a Binding object. The code executes in the scope of the Binding that is passed in (the other *eval() methods can as well).
(3) Ruby also provides a predefined constant named TOPLEVEL_BINDING, which is the Binding object for the top-level scope. This top-level scope can be accessed from anywhere in the program.
(4) eval() also takes two optional parameters, file and line: a file path and the line number of the code being executed. They are used when printing stack information if the code raises an exception.
(5) Because code strings and blocks are very similar, in many cases either one can be used; prefer blocks wherever possible.
(6) eval() carries the risk of code injection attacks; use it with caution.
(7) Tainted objects and safe levels:
Tainted objects include strings that the program reads from web forms, files, the command line, and even system variables. Every new string produced by an operation on a tainted string is also tainted. Call the tainted?() method to determine whether an object is tainted.
Ruby's safe level can be changed by modifying the $SAFE global variable. There are 5 levels, 0 to 4.
At 0 there are no constraints at all; above 0, Ruby refuses to execute tainted strings; above 2, most file-related operations are prohibited.
Taint can be removed with the Object#untaint() method.
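The points above about Binding, the file and line arguments, and preferring blocks, as an added example that is not part of the original notes. The Account class, its fields and the helper names are hypothetical, and the example does not rely on taint or $SAFE, which Ruby 3.x no longer enforces.

```ruby
# Added example; Account, its fields and the helper names are hypothetical.
class Account
  attr_reader :balance

  def initialize(balance)
    @balance = balance
    @api_key = "constructed-secret" # constructed sample value, not a real key
  end

  # Kernel#binding captures self, so the Binding exposes every instance variable.
  def scope
    binding
  end
end

# Risky: a caller-supplied string runs inside the captured scope.
# The file and line arguments ("user_expr", 1) only label the backtrace.
def report_with_eval(account, expr)
  eval(expr, account.scope, "user_expr", 1)
end

# Block form: the code is fixed in the source, so no input string is ever parsed.
def report_with_block(account)
  account.instance_eval { @balance }
end

# When input must choose what to read, match it against an allowlist
# and dispatch with public_send instead of evaluating it.
ALLOWED_FIELDS = %w[balance].freeze

def report_with_allowlist(account, field)
  unless ALLOWED_FIELDS.include?(field)
    raise ArgumentError, "field not allowed: #{field.inspect}"
  end
  account.public_send(field)
end

# Shows where the optional file/line arguments surface: the first backtrace
# entry of an exception raised by the evaluated string.
def eval_error_location(expr)
  eval(expr, TOPLEVEL_BINDING, "user_expr", 42)
rescue StandardError => e
  e.backtrace.first
end
```

With the string form, an expression such as "@api_key" returns a value the caller was never meant to see; the allowlist form rejects the same input with ArgumentError.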
Ruby metaprogramming: code that writes code