analysis
parent 59d0c28e8f
commit 0516ba04d0
@ -23,3 +23,18 @@ More tests:
[[!inline show="3" feeds="no" archive="yes" pages="*\{*"]]
> This is due to the current handling of quoting and escaping issues
> when converting a pagespec to perl code. `safequote` is used to
> safely quote an input string as a `q{}` quote, and it strips
> curlies when doing so to avoid one being used to break out of the `q{}`.
>
> Alternative ways to handle it would be:
> * Escape curlies. But then you have to deal with backslashes
> in the user's input as they could try to defeat your escaping.
> Gets tricky.
> * Avoid exposing user input to interpolation as a string. One
> way that comes to mind is to have a local string lookup hash,
> and insert each user specified string into it, then use the hash
> to lookup the specified strings at runtime.
>
> --[[Joey]]
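Review bot: The added reply ends on the list of alternatives without saying which one is intended or whether the report stays open, so a reader of the bug page cannot tell the status; add a closing line after the second bullet stating the planned approach or marking this as a known limitation. Of the two options listed, the lookup-hash one is worth recommending explicitly, because it keeps the user's string out of the generated perl code altogether, while the escaping option, as the text itself says, has to cope with backslashes in the input. It would also help to state next to the `safequote` sentence that stripping curlies alters the user's pattern, which is why the `*\{*` test above does not behave as written.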