On Sun, Jan 3, 2010 at 8:30 PM, Moritz Lenz <mor...@faui2k3.org> wrote:
>
> But since $input can contain closures, arbitrary code can be executed.
> I'd like to propose a way to compile a string to a regex which doesn't
> allow code execution.
>
So would I.
I would also like it to be the default behaviour, since this is a "place
foot on Bouncing Betty" thing. :)
>
> my $rx = Regex.new(:string('abc|d'), :safe);
>
I think this is too complicated for something which is likely to be the most
frequent use of regex strings.
It would be better to enforce the more complicated syntax for the less
frequent cases.
(All IMO, of course.)
--
Jan
