in reply to "eval"ing a hash without eval

You are right, it has bugs. Perl is not that easy to parse.

This regexp, for example, allows the following string

#!perl qq, {z => "${warn qq/hello world/}" },
which, when evalled, prints a warning message. You can imagine that I could put more unsecure code in there than that.

My advice is that you don't try to evaluate untrusted Perl (or shell or Ruby) code, as you just can't launder it clean by parsing it.

Interpreting the code you're trying to parse yourself would be a much better idea. I'm as surprised as you there's no module for that.

Re^2: "eval"ing a hash without eval
by Ovid (Cardinal) on Dec 29, 2005 at 17:56 UTC

    Damn. You're right. I'm going to have to go the full lex/parse route to avoid this.

    Cheers,
    Ovid

    New address of my CGI Course.
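
The lex/parse route discussed in this thread, as an added example that is not code from either poster: the input is read as data by a small recursive-descent parser and never handed to string eval. The names parse_data, _value and _err are hypothetical, and the grammar (bareword keys, nested hashes, quoted strings without interpolation, decimal numbers) is an assumption about what the input is allowed to contain.

```perl
use strict;
use warnings;

# parse_data() is a hypothetical helper: it reads a restricted hash literal
# as pure data. Nothing reaches string eval; input outside the grammar dies.
sub parse_data {
    my ($text) = @_;
    my $value = _value(\$text);
    $text =~ /\G\s*\z/gc or die _err(\$text, "trailing input");
    return $value;
}

sub _err { my ($s, $msg) = @_; return "$msg at offset " . (pos($$s) // 0) . "\n" }

sub _value {
    my ($s) = @_;
    if ($$s =~ /\G\s*\{/gc) {                      # hash: { key => value, ... }
        my %h;
        until ($$s =~ /\G\s*\}/gc) {
            $$s =~ /\G\s*(\w+)\s*=>/gc or die _err($s, "expected key");
            my $key = $1;                          # save before recursing
            $h{$key} = _value($s);
            next if $$s =~ /\G\s*,/gc;             # trailing comma is allowed
            last if $$s =~ /\G\s*\}/gc;
            die _err($s, "expected ',' or '}'");
        }
        return \%h;
    }
    if ($$s =~ /\G\s*'((?:[^'\\]|\\.)*)'/gcs) {    # '...': only \\ and \' unescape
        (my $str = $1) =~ s/\\([\\'])/$1/g;
        return $str;
    }
    # "...": a bare $ or @ would interpolate in Perl, so it is not in the grammar
    if ($$s =~ /\G\s*"((?:[^"\\\$\@]|\\["\\\$\@])*)"/gc) {
        (my $str = $1) =~ s/\\(.)/$1/g;
        return $str;
    }
    return $1 if $$s =~ /\G\s*(-?\d+(?:\.\d+)?)/gc; # plain decimal number
    die _err($s, "unsupported construct");
}

# Constructed sample input, then the hash text from the first post above.
for my $src (q({ name => 'Ovid', site => { topic => "CGI Course", year => 2005 } }),
             q({z => "${warn qq/hello world/}" })) {
    my $data = eval { parse_data($src) };  # block eval only traps die
    print defined $data ? "parsed: $data->{name}, $data->{site}{topic}\n" : "rejected: $@";
}
```

The parser is an allow-list: the `"${warn ...}"` value is refused because no rule matches it, not because a pattern recognised it as dangerous.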