in reply to untainting regular expressions
It's not what should I reject, it's what shouldn't I reject. For example: die "Variable contains dangerous data" if $some_var =~ /[^0-9A-Za-z]/;. As for what should you allow, that depends on what you're filtering; my example would be pretty safe but would only allow for numbers and characters. You might look at perlre, specifically \Q and \E, for how to improve safety.
"Cogito cogito ergo cogito sum - I think that I think, therefore I think that I am." Ambrose Bierce
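The allowlist approach from the reply above, worked through as an added example that is not part of the original post. It assumes the same "only alphanumerics" policy, adds a length cap and anchors (\A ... \z rather than $, so a trailing newline cannot slip through), and untaints by capturing the matched text rather than merely testing it, which is how Perl's taint mode actually clears the taint flag. The second function shows the \Q ... \E quoting the reply points to, for the case where a user-supplied string has to be interpolated into a pattern. Function names and sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Untaint $value by requiring it to match an allowlist pattern.
# Only text captured by a regex is untainted, so the returned $1 is
# what may safely reach a filename, system() argument, etc.
# Anchoring with \A and \z (not $) rejects a trailing newline, and
# the {1,32} bound rejects empty or absurdly long input.
sub untaint_alnum {
    my ($value) = @_;
    if ($value =~ /\A([0-9A-Za-z_]{1,32})\z/) {
        return $1;
    }
    die "Variable contains dangerous data\n";
}

# When user input must appear inside a regex, wrap it in \Q ... \E so
# that characters such as '.', '*', '(' and '|' are matched literally
# instead of being interpreted as metacharacters.
sub contains_literal {
    my ($haystack, $needle) = @_;
    return $haystack =~ /\Q$needle\E/ ? 1 : 0;
}

# Constructed sample inputs (not from the original thread).
for my $input ('report2004', 'report;rm -rf /', '../etc/passwd', "name\n") {
    my $clean = eval { untaint_alnum($input) };
    if (defined $clean) {
        print "accepted: $clean\n";
    }
    else {
        chomp(my $err = $@);
        print "rejected: $err\n";
    }
}

# 'a.b' as a literal must match itself but not 'axb'; without \Q ... \E
# the '.' would match any character and the second line would be wrong.
print contains_literal('a.b', 'a.b') ? "literal match\n" : "no match\n";
print contains_literal('axb', 'a.b') ? "WRONG: '.' acted as a metachar\n"
                                      : "quoted: '.' matched only a dot\n";
```

Run it under taint checking with perl -T to see the difference between testing a variable and capturing from it: a plain match leaves the variable tainted, so passing it to open or system still dies, while the captured $1 returned by untaint_alnum is accepted.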
Re: Re: untainting regular expressions
by zby (Vicar) on May 05, 2004 at 15:31 UTC