Re: regexp validation (arbitrary code execution) (regexp injection)

2011-06-02 Thread Paul Johnson
On Wed, Jun 01, 2011 at 11:25:39PM +0200, Stanisław Findeisen wrote: > Suppose you have a collection of books, and want to provide your users > with the ability to search the book title, author or content using > regular expressions. > > But you don't want to let them execute any code. > > How wo

Re: regexp validation (arbitrary code execution) (regexp injection)

2011-06-02 Thread Randal L. Schwartz
> "Stanisław" == Stanisław Findeisen writes: Stanisław> But you don't want to let them execute any code. Unless "use re 'eval'" is in scope, /$a/ is safe even if $a came from an untrusted source, as long as you limit the run-time to a few seconds or so with an alarm. (Some regex can take ne
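The two safeguards in the reply above (no `use re 'eval'` in scope, and an `alarm` around the match) put together as a runnable Perl script. This is an added example, not code from the thread or from any poster; the book records and the `search_books` helper are constructed for illustration, and the timeout value is an arbitrary choice.

```perl
#!/usr/bin/perl
use strict;
use warnings;
# Deliberately NO "use re 'eval'" here: it is lexically scoped, and keeping it
# out of this file is what makes an interpolated user pattern unable to run code.

# Constructed sample corpus (assumption, not real data).
my @books = (
    { title => 'Programming Perl',                   author => 'Larry Wall' },
    { title => 'Learning Perl',                      author => 'Randal L. Schwartz' },
    { title => 'Regular Expression Pocket Reference', author => 'Tony Stubblebine' },
);

# Compile an untrusted pattern and run it over one field of the corpus under a
# wall-clock limit.  Returns (status, \@hits) where status is 'ok',
# 'invalid' (pattern did not compile) or 'timeout'.
sub search_books {
    my ($pattern, $field, $limit_seconds) = @_;
    $limit_seconds ||= 2;
    my @hits;
    my $status = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $limit_seconds;
        # qr// compiles the string once.  Without "use re 'eval'" in scope a
        # pattern containing (?{ ... }) or (??{ ... }) taken from a plain
        # string dies here with "Eval-group not allowed at runtime", so the
        # caller's code block is never executed.
        my $re = qr/$pattern/;
        @hits = grep { $_->{$field} =~ $re } @books;
        alarm 0;
        'ok';
    };
    alarm 0;    # always clear the timer, even on the failure path
    if (!defined $status) {
        return ($@ eq "timeout\n" ? 'timeout' : 'invalid', []);
    }
    return ($status, \@hits);
}

# Demo: a normal search, an attempted code block, and a malformed pattern.
for my $p ('Perl$', '(?{ system("id") })', '[unterminated') {
    my ($status, $hits) = search_books($p, 'title', 2);
    printf "%-25s => %s (%d hits)\n", $p, $status, scalar @$hits;
}
```

The first pattern matches two titles; the second and third both come back as `invalid` because `qr//` refuses them, which is the whole protection: the refusal happens at compile time, before any book is examined. The `alarm` only bounds how long a pathological (heavily backtracking) pattern can occupy the process; it does not make the pattern safe in any other sense, and because Perl's signals are delivered between operations the interrupt may land a little later than the requested number of seconds. Keep `use re 'eval'` out of the lexical scope that does the `qr//`, and never pass a `qr//` object built by untrusted code, since a code block that was legally compiled elsewhere survives interpolation.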

Re: regexp validation (arbitrary code execution) (regexp injection)

2011-06-02 Thread Rob Coops
2011/6/1 Stanisław Findeisen > Suppose you have a collection of books, and want to provide your users > with the ability to search the book title, author or content using > regular expressions. > > But you don't want to let them execute any code. > > How would you validate/compile/evaluate the us

Re: regexp validation (arbitrary code execution) (regexp injection)

2011-06-02 Thread Stanisław Findeisen
On 2011-06-02 14:27, Bob McConnell wrote: > From: Stanislaw Findeisen > >> Suppose you have a collection of books, and want to provide your users >> with the ability to search the book title, author or content using >> regular expressions. >> >> But you don't want to let them execute any code. >>

RE: regexp validation (arbitrary code execution) (regexp injection)

2011-06-02 Thread Bob McConnell
From: Stanislaw Findeisen > Suppose you have a collection of books, and want to provide your users > with the ability to search the book title, author or content using > regular expressions. > > But you don't want to let them execute any code. > > How would you validate/compile/evaluate the user