[racket-dev] printing images in REPL

From: Robby Findler (robby at eecs.northwestern.edu)
Date: Thu Aug 26 20:25:59 EDT 2010

At the moment there is a barn-door sized security hole in DrRacket,
whereby it will take any snip% instance from the user's program and
just display it in the repl. You can exploit this for Good by making
the current-print of your language turn some values into snips (like
images and things). 2htdp/image already does this, so that should just
work if you return those. Its hard to tell what value Shriram's
program was returning tho. But if it is a bitmap% object, he just has
to do

  (make-object image-snip% ...the-bitmap-goes-here...)

We will close this hole at some point, when we have a reasonable way
to allow people to add new kinds of values without the security
breach.

Robby

On Thu, Aug 26, 2010 at 6:17 PM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
> From what I can tell, it comes from ensuring that DrRacket shares the
> htdp/image (or whatever) namespace with the running program so the
> structs are the same and DrRacket's default renderer is detecting it.
> I'm not sure how to replicate it though. (I tried for a bit so I could
> make #lang frtime work.)
>
> Jay
>
> On Thu, Aug 26, 2010 at 11:55 AM, Shriram Krishnamurthi <sk at cs.brown.edu> wrote:
>> What is the #lang magic that makes
>>
>>> (get-image-from-web "http://racket-lang.org/logo.png")
>> (instantiate (class ...) ...)
>>
>> show the image rather than just its constructor?
>>
>> Shriram
>> _________________________________________________
>>  For list-related administrative tasks:
>>  http://lists.racket-lang.org/listinfo/dev
>>
>
>
>
> --
> Jay McCarthy <jay at cs.byu.edu>
> Assistant Professor / Brigham Young University
> http://teammccarthy.org/jay
>
> "The glory of God is Intelligence" - D&C 93
> _________________________________________________
>  For list-related administrative tasks:
>  http://lists.racket-lang.org/listinfo/dev


Posted on the dev mailing list.