[R] Avoid using "eval" in a neat way

Jeff Newmiller jdnewmil at dcn.davis.CA.us
Sat Feb 1 18:55:31 CET 2014


You have set up your criteria for success to be that your user has full freedom to specify code in strings to evaluate. Then you ask how to achieve this goal without evaluating that code. Are you thinking objectively at all about your question?

The advice to not use eval has a number of justifications that you should be able to find yourself online (unnecessary obfuscation and program security are two). Implementing an interpreter is not where this advice applies.

At the core of this problem, as long as you accept that your user is working within the R interpreter then they can provide your code with functions that access data on their own. You don't need to assume so much responsibility as your question assumes you have to.

"Doctor, my head hurts!"
"Then stop banging it against the wall."
---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil at dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...1k
--------------------------------------------------------------------------- 
Sent from my phone. Please excuse my brevity.

On February 1, 2014 8:40:47 AM PST, Hai Qian <hqian at gopivotal.com> wrote:
>I know using eval is not optimal and maybe bad, but how to avoid using
>eval
>in the following example
>
>func1 <- function(dat, eval.this) {
>    eval(parse(text = paste0("with(dat, ", eval.this, ")")))
>}
>
>dat <- data.frame(x = 1:2, y = 2:3)
>
>func1(dat, "x*2+y")
>
>func1(dat, "sin(x)*cos(y)")
>
>Here eval.this is a string that contains whatever the user wants to
>evaluate. I wonder whether there is a neat way to avoid using eval in
>this
>case? So far I have not figured out a way to do this.
>
>	[[alternative HTML version deleted]]
>
>______________________________________________
>R-help at r-project.org mailing list
>https://stat.ethz.ch/mailman/listinfo/r-help
>PLEASE do read the posting guide
>http://www.R-project.org/posting-guide.html
>and provide commented, minimal, self-contained, reproducible code.




More information about the R-help mailing list