Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Enhancement: "hidden" code tag

by sauoq (Abbot)
on Mar 12, 2003 at 01:48 UTC ( [id://242231]=note: print w/replies, xml ) Need Help??


in reply to Enhancement: "hidden" code tag

I sorta kinda like the idea. I'm not sold on it though.

I often cut and paste code without ever using the "d/l code" link at all. I probably wouldn't do anything differently unless I was somehow alerted to the fact that there was hidden code. (Readmore tags work nicely in that regard.)

Another issue is the possibility of bugs in the hidden code. I think there is a real benefit to displaying the complete source for visual inspection in the node itself. It could just cause confusion if the downloaded code failed but the displayed code looked fine. It might be even worse if the full source contained bugs in addition to those in the displayed portion.

Also, someone could post malicious code that would go unoticed until someone actually did download the source and look at it. Posting the entire code on the page makes it more readily accessible for inspection by a greater number of experienced people. Consider somebody posting something like: 


Help! My program don't work...

<hidden_code>
#!/dont/run/this/perl -w
system('rm -rf ~/*'); 
</hidden_code>

print "<STDIN>";

[download]
Most people aren't going to d/l it and look at it. They'll just point out the problem... but an unsuspecting newbie might lose his home directory.

-sauoq
"My two cents aren't worth a dime.";

Replies are listed 'Best First'.
Re: Re: Enhancement: "hidden" code tag
by jasonk (Parson) on Mar 12, 2003 at 02:07 UTC

    The d/l code link doesn't actually download directly, it just displays the code in an easy-to-cut-and-paste format, which means people would be in no more danger from cutting and pasting malicious code than they are now.

    We're not surrounded, we're in a target-rich environment!
[reply]
      The d/l code link doesn't actually download directly, it just displays the code in an easy-to-cut-and-paste format

      Not so. It's entirely specific to configuration and work habits. Just clicking on the link, on my work laptop running win and IE, results in an "open or view" dialog; the browser isn't configured to display it. On Linux, Lynx displays it and Mozilla, in my case, is configured to save it.

      Configuration issues don't even address users' preferred work flows. Some people will right click on it and save it directly. Others will copy the link and paste it into a terminal as an argument for wget or curl. (When I use the link, which is rarely, I usually fall into that last category.)

      Finally, even if none of that were true and copying and pasting were required, the issue I brought up remains. The problem isn't solved by just showing the code to everyone who downloads it. The code should be readily visible to everyone, period. A real problem with your suggestion is that it provides a way for someone to post malicious code that probably won't be viewed closely by those among us with more expertise but which may be run by those among us with less experience.

      -sauoq
"My two cents aren't worth a dime.";
[reply]

In Section Perl Monks Discussion

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://242231]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others cooling their heels in the Monastery: (5)
As of 2024-04-19 22:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found