If you're not 100% sure that your string to eval is safe, just use a Safe partition.
require Safe; my $string = Safe->new->reval("'$literal'");

Safe disables many of the potentially dangerous Perl op codes, so that even if someone manages to sneak a curiously-formatted piece of code past your parser/escaper, it's unable to do anything particularly malicious. (For example, it might be able to suck up an inordinate amount of CPU time, but it won't be able to reformat your hard drive.)

This is a very powerful capability, and I don't know why Perl developers don't take advantage of it more often...


In reply to Re: Safe eval of string literals? by simonm
in thread Safe eval of string literals? by Anonymous Monk
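An added example, not code from simonm's post, showing the two layers the post implies: a quote escaper as the first line of defence and a Safe compartment as the second. The helper name eval_literal and the sample inputs are my own.

```perl
use strict;
use warnings;
use Safe;

# Escape the two characters that matter inside a single-quoted Perl string
# (backslash and the quote itself), then evaluate the literal inside a
# Safe compartment, which masks dangerous opcodes even if the escaper is
# bypassed. Returns the string value, or undef with the error in $@.
sub eval_literal {
    my ($raw, $escape) = @_;
    my $lit = $raw;
    $lit =~ s/([\\'])/\\$1/g if $escape;   # first layer: escaping
    my $cpt = Safe->new;                   # second layer: default op mask
    return $cpt->reval("'$lit'");
}

# Constructed inputs for illustration; the third simulates an escaper
# bug that lets the input break out of the single-quoted literal.
my @cases = (
    [ "hello, world",             1 ],
    [ "it's 5 o'clock",           1 ],  # embedded quotes survive escaping
    [ q{'; system("echo hi"); '}, 0 ],  # breakout: becomes ''; system(...); ''
);

for my $case (@cases) {
    my ($raw, $escape) = @$case;
    my $value = eval_literal($raw, $escape);
    if (defined $value) {
        print "ok     : $value\n";
    } else {
        my $err = $@;
        $err =~ s/\s+at \(eval.*//s;       # drop the "(eval N) line 1" suffix
        print "denied : $err\n";           # 'system' trapped by operation mask
    }
}
```

Safe only masks opcodes; it does not bound CPU or memory, so if the input could contain a loop, wrap the reval in an alarm-based timeout as well.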
