Google Groups

Re: *read-eval* defaulting to false

Rich Hickey Feb 7, 2013 3:02 PM
Posted in group: Clojure Dev
Beta11 on its way. System property can be used to set default value of *read-eval*:

user=> (doc *read-eval*)
  Defaults to true (or value specified by system property, see below)
  ***This setting implies that the full power of the reader is in play,
  including syntax that can cause code to execute. It should never be
  used with untrusted sources. See also: read-edn.***

  When set to logical false in the thread-local binding,
  the eval reader (#=) and record/type literal syntax are disabled in read/load.
  Example (will fail): (binding [*read-eval* false] (read-string "#=(* 2 21)"))

  The default binding can be controlled by the system property
  '' System properties can be set on the command line
  like this:

  java ...

  The system property can also be set to 'unknown' via, in which case the default binding
  is :unknown and all reads will fail in contexts where *read-eval*
  has not been explicitly bound to either true or false. This setting
  can be a useful diagnostic tool to ensure that all of your reads
  occur in considered contexts. You can also accomplish this in a
  particular scope by binding *read-eval* to :unknown

Also tagged literals, new sigs for read-edn-*.