Forum Discussion

Historic F5 Account

Dec 13, 2011

The EVAL command

Hi all, I am testing the eval command and want to generate an error if my input script contains an error. My test code is as follows: set cmd "if { \[HTTP::uri\] starts_with \"/h...

Nimbostratus

Jul 19, 2017

is there any news on this one?

using eval for this, as spark suggests, is dangerous in my eyes:

eval "HTTP::respond 302 Location http://new.example.com $headers"

what if headers contain user input? someone could inject commands...

or what if anyone would use it for a response including content:

eval "HTTP::respond 200 content $content"

what if the content contains user input?

i think introducing the {*}-command is the only way to enable safe argument expansion.

i did a

[info patchlevel]

on big ip 13.0.0. tcl version is still 8.4.6.

is big ip expected to move to 8.5 in the near future?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

The EVAL command

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

WAF evasion techniques for Command Injection

Power of tmsh commands using Ansible

Watch Command

DNS Resolution with the RESOLVER::name_lookup Command

Bash shell and ping command on F5 rseries

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS