in reply to How to do regex backreferences within $variable replacement text?

This is a dangerous application to put on the web. You give the user an opportunity to run arbitrary code in (?{...}) or (??{...}) constructs in the regex. With the /e switch, arbitrary code can also be run in the replacement string.

After Compline,
Zaxo

Re^2: How to do regex backreferences within $variable replacement text?
by ManFromNeptune (Scribe) on Sep 17, 2005 at 19:45 UTC
    re: Security, that's half of the reason why I would prefer not to use eval() at all (the other half is performance reasons, since eval() is recompiled each time it's executed at runtime.)
      Compilation time is going to be there no matter what solution you use; something needs to figure out which characters are plain and which are part of the name of a variable to embed, and something must actually do the embedding. True, some compilers are faster than others, but I suspect that perl is very quick at compiling a string literal, especially since it's already loaded in memory.
Re^2: How to do regex backreferences within $variable replacement text?
by diotalevi (Canon) on Sep 18, 2005 at 03:28 UTC

    Perl prohibits runtime compilation of regexps that use those features unless use re 'eval' has also been used.
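
An added example, not code from any post in this thread: it applies a user-supplied pattern and replacement template without string eval or /e on user text, and shows perl refusing an interpolated pattern that contains a code block when use re 'eval' is not in scope. The helper name safe_subst and the sample inputs are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): apply a user-supplied pattern and
# replacement template to $text without string eval or /e on user input.
# Returns (result, undef) on success, or (undef, error) if the pattern is refused.
sub safe_subst {
    my ($text, $pattern, $template) = @_;

    # No "use re 'eval'" is in scope here, so perl refuses to compile an
    # interpolated pattern containing (?{...}) or (??{...}). The block eval
    # only traps that die; it does not compile user text as code.
    my $re = eval { qr/$pattern/ };
    return (undef, $@) unless defined $re;

    my ($out, $last) = ('', 0);
    while ($text =~ /$re/g) {
        my ($start, $end) = ($-[0], $+[0]);
        # Copy the captures before the inner s/// overwrites $1, @- and @+.
        my @cap = map { defined $-[$_] ? substr($text, $-[$_], $+[$_] - $-[$_]) : '' }
                  0 .. $#+;
        # Expand $1..$N placeholders by table lookup, never by evaluation.
        # The /e code here is fixed program text; the template is only data.
        (my $rep = $template) =~ s/\$(\d+)/$1 <= $#cap ? $cap[$1] : ''/ge;
        $out .= substr($text, $last, $start - $last) . $rep;
        $last = $end;
    }
    return ($out . substr($text, $last), undef);
}

# Constructed inputs, standing in for form fields.
my ($res, $err) = safe_subst('2005-09-17', '(\d+)-(\d+)-(\d+)', '$3/$2/$1');
print "rewritten: $res\n";

# A pattern carrying a code block is rejected at compile time.
($res, $err) = safe_subst('abc', '(?{ print "code ran\n" })abc', 'x');
print "refused: $err" unless defined $res;

# A template that looks like code is copied through as plain text.
($res, $err) = safe_subst('abc', 'b', '@{[ time ]}');
print "literal: $res\n";
```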