Version 4 of Dangerous constructs

Updated 2003-11-12 12:59:32

Arjen Markus (12 november 2003) In response to a recent discussion on the c.l.t. about a problem that arose in the context of regular expressions, I have started this page. Its sole purpose: document dangerous constructs in Tcl


Using the subst command on arbitrary data:

   set a "Hello,"
   set b "world!"
   set string "$a $b"
   puts [subst $string]

gives:

 Hello, world!

but:

   set string "\[exit\]"
   puts [subst $string]

stops you program!

The subst command allows you to suppress the execution of commands:

   puts [subst -nocommands $string]

gives:

  [exit]

RS: A simple error that will appear only at runtime is not protecting a switch command with --:

 switch $input {...}

The error will occur if $input starts with a minus (-) sign. So best always use

 switch -- $input {...}

LV There are a number of other tcl commands which also support -- ; if the command supports it, and you are using random input from users or input files, you probably should use it.


Please: the next! [Tie in with FMM.]

[Mention un-braced expr use.] What's dangerous about unbraced expr?


[ Arts and crafts of Tcl-Tk programming ]