Evaluating user-defined conditions
Gareth Harper
spansh+london at gmail.com
Mon Jun 9 13:42:08 BST 2014
Language::Basic and Language::Basic::Expression look promising (if you
don't particularly want to write your own parser.
https://metacpan.org/pod/Language::Basic::Expression
On 9 June 2014 13:10, James Laver <james.laver at gmail.com> wrote:
>
> On 9 Jun 2014, at 12:39, Abigail <abigail at abigail.be> wrote:
>
> > In short, Safe.pm may be the answer, but depending on who your users are,
> > it may be overkill, or still contain too many hooks for an attacker.
>
> In short, if you trust the input, just eval() it, and if you don’t, you
> want a parser.
>
> You might consider transforming it automatically into postfix notation and
> building a really simple stack machine if you just want basic arithmetic
> and placeholders. Otherwise, I can recommend Parse::RecDescent. Perhaps you
> can be cheeky and get them to write some yaml like this:
>
> operation: +
> with:
> - 1
> - operation: -
> - with:
> - 2
> - operation: *
> - with: [3,4]
>
> Not very user friendly, but very easy to work with. It depends how much
> effort you’re willing to put in and whether you trust the input.
>
> James
>
More information about the london.pm
mailing list