in reply to Re: read HTML <title> tag
in thread read HTML <title> tag

No, no, please don't do that; it's really insecure. It allows arbitrary code execution.

Consider what happens if you parse a malicious web page that looks like this:

<html> <head> <title>Nasty page"; system('rm -rf *');</title> ....

So, your substituted statement to be eval'ed becomes:

print "Title found is: Nasty page"; system('rm -rf *');

Would you really want to evaluate that?

At the very least, this code should be changed to:

$htmlData =~ /<title>(.+?|[^.]*)<\/title>/i;
print "Title found is: $1\n" if $1;

Check out "perldoc perlsec" for more information.

Update: fixed typo.


s^^unp(;75N=&9I<V@`ack(u,^;s|\(.+\`|"$`$'\"$&\"\)"|ee;/m.+h/&&print$&
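
The point made in the post above, as an added example that is not code from the thread: the title is matched and printed as plain data, and the match result is tested before `$1` is used. The `extract_title` helper and the sample pages are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): treat a page's <title> as data only.
use strict;
use warnings;

# Return the title text, or undef when the page has no <title> element.
# The captured text is only ever used as a string; it is never passed to
# eval, s///e or s///ee, so quotes and semicolons in it have no effect.
sub extract_title {
    my ($html) = @_;
    # Test the match itself: $1 keeps its old value after a failed match.
    return unless $html =~ m{<title[^>]*>(.*?)</title>}is;
    my $title = $1;
    $title =~ s/[[:cntrl:]]+/ /g;   # replace control characters before printing
    $title =~ s/^\s+|\s+$//g;       # trim leading and trailing whitespace
    return $title;
}

# Constructed sample pages; the first is the page quoted in the post.
my @pages = (
    q{<html> <head> <title>Nasty page"; system('rm -rf *');</title>},
    "<html><head><TITLE>\nTwo\nlines\n</TITLE></head></html>",
    q{<html><body>no title here</body></html>},
);

for my $page (@pages) {
    my $title = extract_title($page);
    print defined $title ? "Title found is: $title\n" : "No title found\n";
}
```

Running the script with `perl -T` also turns on the taint checks that perlsec describes.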

Replies are listed 'Best First'.
Re^3: read HTML <title> tag
by Elijah (Hermit) on Jun 01, 2005 at 21:16 UTC
    The eval'ed side of the replacement expression should be filtered when user input is used, you are correct; however, your example is far from a successful injection