urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

web commit by BrandenRobinson: Explain why letting users specify regexes is bad.

master
www-data 2006-03-17 16:51:14 +00:00
parent b93e189934
commit 2aa5962115
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/todo.mdwn
View File

@ -23,6 +23,10 @@ is built. (As long as all changes to all pages is ok.)
explicitly named pages would be desirable.
2. I think that since we're using Perl on the backend, being able to
let users craft their own arbitrary regexes would be good.
Joey points out that this is actually a security hole, because Perl
regexes let you embed (arbitrary?) Perl expressions inside them. Yuck!
3. Of course if you do that, you want to have form processing on the user
page that lets them tune it, and probably choose literal or glob by
default.