Postscript templates

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Fri May 07 2004 - 14:11:43 CDT

On May 7, 2004, at 2:42 PM, Douglas W. Jones wrote:
> The problem with Postscript is that Postscript includes a
> good chunk of Forth, and is Turing equivalent.

True enough. But like Turing machines, postscript code is
deterministic in its behavior. You can't run the same code multiple
times and get different behavior each time.

The postscript template is indeed a program, that might do anything.
Part of what that code includes is a few data values like "Dummy
Ballot-ID" and "Dummy Candidate Name". Those values are *provably*
data, not code. You can print out the template itself to determine
that it has non-teratological behavior.

Next thing, you prove that the string "Dummy Candidate Name" doesn't
occur anywhere other than in a data field (i.e. use grep). And
finally, you run code similar to:

        postscript = postscript.replace("Dummy Candidate Name", selected_candidate)

If you want to be REALLY careful, you can check the value contained in
'selected_candidate' to make sure it excludes any postscript
escape/command sequences (a normal name won't contain anything like
that). Fortunately, you can assure the necessary exclusion with a
quite simple regular expression.

I'm not dogmatically in favor of using the postscript-template
formatting technique. But the abstract errant capabilities of
postscript are easily guarded against in this context.
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:23 2004
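
The procedure described in the message above (confirm the placeholder occurs only inside data fields, validate the value, then substitute), as an added example that is not part of the original message. The sample template, the allowlist pattern and the function names are constructed assumptions for illustration.

```python
import re

# Allowlist (an assumption, ASCII names only): excludes ( ) \ % < > / [ ] { },
# the characters that delimit or escape PostScript strings, comments and code.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 .,'-]{0,63}")

TEMPLATE = """%!PS
% constructed sample template, not from the original post
72 700 moveto (Dummy Ballot-ID) show
72 680 moveto (Dummy Candidate Name) show
showpage
"""

def string_literal_spans(ps):
    """Return (start, end) spans of the contents of top-level (...) string literals."""
    spans, i, n = [], 0, len(ps)
    while i < n:
        if ps[i] == "%":                  # comment runs to end of line
            while i < n and ps[i] not in "\r\n":
                i += 1
        elif ps[i] == "(":                # string literal; parentheses may nest
            depth, start = 1, i + 1
            i += 1
            while i < n and depth:
                if ps[i] == "\\":
                    i += 1                # skip the escaped character
                elif ps[i] == "(":
                    depth += 1
                elif ps[i] == ")":
                    depth -= 1
                i += 1
            if depth:
                raise ValueError("unterminated string literal")
            spans.append((start, i - 1))
        else:
            i += 1
    return spans

def fill_template(ps, placeholder, value):
    """Substitute value for placeholder after checking both template and value."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("value contains characters outside the allowlist")
    hits = [m.start() for m in re.finditer(re.escape(placeholder), ps)]
    spans = string_literal_spans(ps)
    if not hits or not all(any(s <= h and h + len(placeholder) <= e for s, e in spans) for h in hits):
        raise ValueError("placeholder missing or found outside a string literal")
    return ps.replace(placeholder, value)
```

The span check is a stricter form of the grep step: it rejects a template in which the placeholder text also appears in a comment or as an executable name, not only one where it is absent.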
