Re^2: reinterpolation of regexp (and strings?)

Replies are listed 'Best First'.
Re^3: reinterpolation of regexp (and strings?) by ikegami (Patriarch) on Jul 23, 2008 at 08:15 UTC
I don't see `use re 'eval';` in String::Interpolate, for starters. And there's nothing wrong in `use re 'eval';` per say. It's sometimes required to execute dynamically built regexps. I've used it a few times, and none of them involved executing untrusted code.	[reply] [d/l] [select]
Re^4: reinterpolation of regexp (and strings?) by dHarry (Abbot) on Jul 23, 2008 at 08:52 UTC
I don't see use re 'eval'; in String::Interpolate, for starters. I meant Regexp::NamedCaptures, my mistake. And there's nothing wrong in use re 'eval'; per say... If you construct the regexps yourself fine, but If you ask the user to supply the code it can be dangerous.	[reply]
Re^4: reinterpolation of regexp (and strings?) by dHarry (Abbot) on Jul 23, 2008 at 09:07 UTC
I don't see use re 'eval'; in String::Interpolate, for starters. You're right of course. I meant Regexp::NamedCaptures. My mistake. And there's nothing wrong in use re 'eval'; per say. It's …. If you construct the regexps yourself based on some logic fine, if some user supplies the code (as stated) it can be risky.	[reply]