[Arjen Markus] (12 November 2003) In response to a recent discussion on the c.l.t. about a problem that arose in the context of regular expressions, I have started this page. Its sole purpose: ''document dangerous constructs in Tcl''

----
'''Using the subst command on arbitrary data:'''

    set a "Hello,"
    set b "world!"
    set string "$a $b"
    puts [subst $string]

gives:

    Hello, world!

but:

    set string "\[exit\]"
    puts [subst $string]

stops your program!

The subst command allows you to suppress the execution of commands:

    puts [subst -nocommands $string]

gives:

    [exit]

----
[RS]: A simple error that will appear only at runtime is not protecting a [switch] command with --:

    switch $input {...}

The error will occur if $input starts with a minus (-) sign. So best always use

    switch -- $input {...}

[LV] There are a number of other Tcl commands which also support '''--'''; if the command supports it, and you are using ''random'' input from users or input files, you probably should use it.

----
[TV] opening any server socket, expecting a certain other party to connect. For instance a file transfer à la ftp where a control connection triggers a file transfer over a separate socket pair.

----
Please: the next!

----
See also the Frequently Made Mistakes [FMM] page.

----
[[Mention un-braced expr use.]]

What's ''dangerous'' about unbraced expr? Short answer:

    # Uh-oh; what if it's "exec rm -rf ..." rather than "exec touch ..."?
    set a {[exec touch /tmp/77]}
    set b {[exec touch /tmp/78]}
    catch {expr $a + 4}     ;# unbraced: $a is substituted first, then expr evaluates the [exec ...]
    catch {expr {$b + 4}}   ;# braced: the value of $b is treated as data, nothing is executed

----
[[ [Arts and crafts of Tcl-Tk programming] ]]
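----
The subst, switch and expr hazards described above, as one runnable check (an added example, not code from the original page or its contributors). The procs `canary`, `fires` and `report`, the array `x` and all input values are constructed for illustration; the `$x([canary])` case goes beyond the page to show the behaviour documented in subst(n) that `-nocommands` does not stop a command substitution needed to complete a variable substitution.

```tcl
# Added example: constructed inputs; a harmless canary proc stands in for
# whatever command hostile data might name.
set ::fired 0
proc canary {} { incr ::fired; return 0 }
array set ::x {0 zero}          ;# lets the $x(...) lookup below succeed

# fires: evaluate $script at global level, return 1 if the canary was called.
proc fires {script} {
    set ::fired 0
    catch {uplevel #0 $script}
    return [expr {$::fired > 0}]
}

proc report {script} {
    puts [format "%-50s canary ran: %d" $script [fires $script]]
}

set untrusted {[canary]}        ;# constructed "user input"
set tricky    {$x([canary])}    ;# command substitution inside an array index

# subst: -nocommands blocks a bare [...], but the array index of a variable
# reference is still fully substituted. Turning off variables as well
# leaves only backslash substitution.
report {subst $untrusted}
report {subst -nocommands $untrusted}
report {subst -nocommands $tricky}
report {subst -nocommands -novariables $tricky}

# expr: unbraced, the Tcl parser substitutes $untrusted and expr then
# evaluates the result a second time; braced, the value is only an operand.
report {expr $untrusted + 4}
report {expr {$untrusted + 4}}

# switch: written with separate pattern/body arguments, a value starting
# with "-" is parsed as an option unless -- ends option processing.
set input "-verbose"            ;# constructed input
foreach form {
    {switch $input a {set r A} default {set r other}}
    {switch -- $input a {set r A} default {set r other}}
} {
    set failed [catch {uplevel #0 $form} msg]
    puts [format "%-50s error: %d (%s)" $form $failed $msg]
}
```

For templating over data you do not control, `string map` with a fixed list of placeholders avoids substitution altogether.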