I have scrolled through a whole host of posts now on this topic and it seems to be one of heated opinions.
Clearly exposing an eval() to the greater internet is unadvisable.
What i couldn't find infomation on is the risk of having it offline. the phrase "untrusted strings" gets bandied about alot.
if eval() was implamented on say a calculator program, could i consider the strings to be "trusted" assuming the only source would be me/ people who presumably don't want to brick the computer they are using?
or is this naive of me and such a thing would create a vulnerability to viruses? this is an area i lack knowledge
