Evaluating user-defined conditions
james.laver at gmail.com
Tue Jun 10 10:05:11 BST 2014
On 10 Jun 2014, at 09:26, Andrew Beverley <andy at andybev.com> wrote:
> I'm happy to be restrictive to the user, and only allow straightforward
> strings in double quotes. So anything else is removed or not allowed,
> and the strings in quotes are checked as above.
> I would not be surprised if I've missed something though!
I was sort of hoping that the not-too-subtle hints that using eval is a bad idea would pay off. Apparently not.
Perl is quite complicated. You’ll keep missing things until you’re sick of patching security holes. Don’t do it.
More information about the london.pm