I'll readily admit I got a bit lost trying to trace through YAQL's overloaded eval() replacement, but my concern is that making it safe to pass user-supplied strings through eval() is like trying to plug holes in a leaky boat at sea. This article gives some great examples: https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
I'll readily admit I got a bit lost trying to trace through YAQL's overloaded eval() replacement, but my concern is that making it safe to pass user-supplied strings through eval() is like trying to plug holes in a leaky boat at sea. This article gives some great examples: https:/ /nedbatchelder. com/blog/ 201206/ eval_really_ is_dangerous. html