Evaluating user-defined conditions

James Laver james.laver at gmail.com
Tue Jun 10 10:05:11 BST 2014

On 10 Jun 2014, at 09:26, Andrew Beverley <andy at andybev.com> wrote:
> I'm happy to be restrictive to the user, and only allow straightforward
> strings in double quotes. So anything else is removed or not allowed,
> and the strings in quotes are checked as above.
> I would not be surprised if I've missed something though!
> Andy

I was sort of hoping that the not too subtle hints that using eval is a bad idea would pay off. Apparently not.

Perl is quite complicated. You’ll keep missing things until you’re sick of patching security holes. Don’t do it.


More information about the london.pm mailing list