And this is another reason for the Grammar solution: it lets you do just what is needed, in a constrained environment so you don't have any risk (unless you do something questionable in the Grammar, but then that's on you.)
On Mon, Jul 17, 2017 at 6:15 AM, Brent Laabs <bsla...@gmail.com> wrote: > Just to make it clear, do not use EVAL() ever on untrusted user input. In > the example I wrote, if the string contained a '>', anything after that > point would be executed. While it works, it's a bad idea to use it. > > On Mon, Jul 17, 2017 at 2:17 AM, ToddAndMargo <toddandma...@zoho.com> > wrote: > >> On Sun, Jul 16, 2017 at 11:34 PM, ToddAndMargo <toddandma...@zoho.com >>>> <mailto:toddandma...@zoho.com>> wrote: >>>> >>>> On 07/16/2017 07:48 PM, Brent Laabs wrote: >>>> >>>> $ perl6 >>>> > my $x='ls -al "Program Files" "Moe Curly Larry"'; >>>> ls -al "Program Files" "Moe Curly Larry" >>>> > &EVAL( "qww<$x>" ).perl >>>> ("ls", "-al", "Program Files", "Moe Curly Larry") >>>> >>>> How about this? Obligatory: Much EVAL, very danger wow. >>>> >>>> >>>> I don't understand. Would you put this into a full executable >>>> example? >>>> >>>> >>>> >> On 07/17/2017 02:08 AM, Brent Laabs wrote: >> >>> I would put it in an executable example, and I already did. But here's >>> another one, if you like. >>> >>> $ perl6 -e 'my $x = q<ls -al "Program Files" "Moe Curly Larry">; my @y = >>> &EVAL( "qww<$x>"); for @y.kv -> $i, $j { say " \@y[$i] = \c39$j\c39" }' >>> @y[0] = 'ls' >>> @y[1] = '-al' >>> @y[2] = 'Program Files' >>> @y[3] = 'Moe Curly Larry' >>> >>> The last loop is just so it's printed in the way you demonstrated in the >>> first post. >>> >>> The main point of me writing that example in the first place is because >>> I know that the Perl 6 language itself is very good at parsing quotes. If >>> you knew what the string was at compile time, you could just write this: >>> my @y = qww<ls -al "Program Files" "Moe Curly Larry">; >>> And it would know exactly how to deal with the quotes. But I don't know >>> how to access this functionality of the quote language from within the Perl >>> 6 language. You can't use qqww directly, because the quote protection is >>> handled before interpolation, and we want it to happen after. So I can >>> eval a qww string instead, and that does work, though it does recognize >>> kinds of quoting that you wouldn't expect, like dumb quotes or halfwidth >>> katakana quotes. >>> >>> All of this is to say that I wish the Str.words method had a way of >>> applying Perl 6 quoting rules as if it were the qww operator. >>> >>> >> Thank you! >> >> >> -- >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> Computers are like air conditioners. >> They malfunction when you open windows >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > > -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
