Safe to parse user submitted code using Ripper?
I'm using the Ruby 1.9 Ripper library to analyze specific parts of a source code by building its sexp tree. From what I know, Ripper just uses a lexer / parser to do this.
Is it safe to run Ripper on user-submitted code?
Since it does not actually evaluate any code, yes it is safe.
If you are talking about taking those s-expressions and evaluating them, then most certainly the answer seems to be: Not without cleaning it first. That cleaning process could be especially tricky though.
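The following added example (not part of the original question or answer) parses a constructed snippet with `Ripper.sexp` and inspects the resulting tree as plain data, showing that the snippet's side effects never run. The names `MAX_SOURCE_BYTES`, `parse_untrusted` and `identifiers`, the size limit, and the sample source are assumptions made for this illustration.

```ruby
require 'ripper'

# Assumed upper bound on input size for this example; tune for your service.
MAX_SOURCE_BYTES = 64 * 1024

# Constructed sample of "user-submitted" code. If it were evaluated it would
# set a global, write a file and terminate the process.
SAMPLE = <<~'RUBY'
  $ripper_demo_ran = true
  File.write("ripper_demo_marker", "x")
  exit(1)
RUBY

# Parse untrusted source into an s-expression without evaluating it.
# Returns nil for oversized input or for source with a syntax error.
def parse_untrusted(source)
  return nil if source.bytesize > MAX_SOURCE_BYTES
  Ripper.sexp(source)
end

# Walk the tree and collect identifier tokens (method and local names).
# Scanner events have the shape [:@ident, "name", [line, column]].
def identifiers(node, found = [])
  return found unless node.is_a?(Array)
  if node[0] == :@ident && node[1].is_a?(String)
    found << node[1]
  else
    node.each { |child| identifiers(child, found) }
  end
  found
end

if __FILE__ == $0
  tree = parse_untrusted(SAMPLE)
  puts "identifiers seen: #{identifiers(tree).inspect}"
  puts "global set by sample? #{!$ripper_demo_ran.nil?}"
end
```

The tree is only nested arrays, symbols and strings, so anything learned from it (such as which methods the code calls) comes from inspection rather than execution.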