On Thu, 11 Mar 2004, Mark Mills wrote:
> The replace method doesn't allow captured references. Eeeeevil.
> [% FName.replace('.','${(system "rm -rf")}') %]
A question to you Perl gurus: do you think that it is possible to "secure"
regular expressions against such things? Say, eliminating "system"s and
backticks, or maybe wrapping everything in a "safe world" case?
I'm asking this because in my experience a lot of people (I mainly refer
to mathematicians) would like to adopt the tt2 language
(mainly for generating LaTeX files) as their first computer language
(without knowing Perl). But regexps are very important. And, on the other
side, I would like to let them edit web pages by themselves...
I can close the most evident holes, but an expert's opinion is always
welcome.
--
Franco Bagnoli (franchino) <[EMAIL PROTECTED]> ([EMAIL PROTECTED])
virtual location: Dipartimento di Energetica "S. Stecco"
ultra-virtual affiliation: Centro Dinamiche Complesse (CSDC-Firenze)
real location: Dip. Matematica Applicata "G. Sansone", Universita' Firenze,
Via S. Marta, 3 I-50139 Firenze, Italy. Tel. +39 0554796422, fax: +39 055471787
_______________________________________________
templates mailing list
[EMAIL PROTECTED]
http://lists.template-toolkit.org/mailman/listinfo/templates