| pyguyy | although all those casts do remind me of C.. or BASIC |
| Yaakov | f00li5h: You need to scrub any regex that you allow them to use. |
| f00li5h | Yaakov: just block eval it, and hope for the best |
| mauke | I don't like "scrubbing" |
| f00li5h | mauke: explains the smell |
| mauke | specify an input format and write a parser for it |
| pyguyy | Yaakov: i'm not worried about dangerousness because only i'm using this script, but i would like it to be resilient. does eval(1) return 1? :| |
| Yaakov | pyguyy: There is no casting in perl. |
| integral | It's too unreliable, and why should *you* do it? |
| pyguyy | Yaakov i know 4+"4"=8 or "8" if you prefer it's actually pretty gorgeous |
| dazjorz | eval: 4+"4" |
| mauke | it's 8, actually :-) |
| buubot | dazjorz: 8 |
| f00li5h | pyguyy: eval returns the same thing as a sub does |
| pyguyy | yes it's 8 ._. f00li5h, nice |
| f00li5h | pyguyy: use block eval, not string eval, k? |
| dazjorz | does buubot have a python eval? |
| Yaakov | integral: In some cases, when you want to provide user-defined regex(like) behavior you need to do something. My usual approach is a meta-grammar for permitted functions. |
| pyguyy | if eval("$t =~ $x; 1") != 1 { print "Bad regex, pal" |
| f00li5h | Yaakov: what can go wrong in accepting a regex? |
| pyguyy | seems right f00li5h, what's the difference? |
| Yaakov | f00li5h: code execution |
| mauke | pyguyy: syntax error, string eval, EWW |
| integral | Yaakov: Well, if you didn't use perl, there'd be a proper parser library, which you would use |
| mauke | Yaakov: I'd like to see that |
| f00li5h | Yaakov: oh, with (?e ... )? |
| integral | (the cult of the regexp)-- |
| pyguyy | oh... $x could contain other commands, yes but again only i'll ever use it so i won't sploit myself |
| Yaakov | f00li5h: yes. |
| pyguyy | what's a block eval? |
| mauke | you can get infinite runtime or a segmentation fault but I don't see an easy way to run code from a regex |