On Thu, Nov 22, 2007 at 02:34:27PM +1100, Steve Bennett wrote:
Would the developers (or users, for that matter) be likely to trust a pure parser solution? It seems to me that it's a lot easier simply to scan the resulting output looking for bad bits, than it is to attempt to predict and block off all the possible routes to producing nasty code.
My opinion is that each block of code should do it's think, and no one else's thing. DJB's a whackjob, but on this point, he hews correctly to those who created this OS we pray to daily...
Cheers, -- jra