Dear Monks,
I'm in the middle of updating a module that grades Excel spreadsheets by comparing the contents of cells to a model text file parsed by Parse::RecDescent. Strings are allowed in the comparisons, but in the previous version of the module, they were hacked in by simply returning a manually unescaped version of the matched text, e.g.:
quoted_string: '"' m{(([\\]"|[^"])*)} '"' { $item[2] =~ s{\\"}{"}g; # Unescape quotes $item[2] =~ s{\\\\}{\\}g; # Unescape backslashes $item[2]; }
I want to use the <perl_quotelike> production (a wrapper around Text::Balanced), for greater flexibility with quoted strings and regexes. The problem is that <perl_quotelike> extracts the Perl-ish string/regex, but the only way I can think of to interpret the string/regex correctly (which could contain quotes, backslashes, Unicode hexes, regex modifers, etc.) is to eval the relevant bits, e.g.:
quoted_string: <perl_quotelike> { my ( $name, $ldelim, $text, $rdelim ) = @{ $item[1] }; if ( $name eq 'qq' ) { $text = eval 'qq' . $ldelim . $text . $rdelim; } # etc... }
Which is nasty, as the model file text could then contain:
A1 mean(B1:B10) && A2 "Something innocuous" && A3 C1/C2 && A4 qq(Oh dear @{[ system 'rm -rf *' ]})
Am I missing something, or am I trapped between either implementing my own interpolator/unescaper (which certainly won't be able to replicate all the useful features of perl quoting and regex modifiers), or using string eval (and hoping that no-one does anything nasty)?
In reply to Using Parse::RecDescent to parse Perl-ish strings without resorting to string eval by polypompholyx
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |