web commit by BrandenRobinson: Explain why letting users specify regexes is bad.
parent
b93e189934
commit
2aa5962115
|
@ -23,6 +23,10 @@ is built. (As long as all changes to all pages is ok.)
|
||||||
explicitly named pages would be desirable.
|
explicitly named pages would be desirable.
|
||||||
2. I think that since we're using Perl on the backend, being able to
|
2. I think that since we're using Perl on the backend, being able to
|
||||||
let users craft their own arbitrary regexes would be good.
|
let users craft their own arbitrary regexes would be good.
|
||||||
|
|
||||||
|
Joey points out that this is actually a security hole, because Perl
|
||||||
|
regexes let you embed (arbitrary?) Perl expressions inside them. Yuck!
|
||||||
|
|
||||||
3. Of course if you do that, you want to have form processing on the user
|
3. Of course if you do that, you want to have form processing on the user
|
||||||
page that lets them tune it, and probably choose literal or glob by
|
page that lets them tune it, and probably choose literal or glob by
|
||||||
default.
|
default.
|
||||||
|
|
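Review bot: the added paragraph after item 2 leaves the risk hedged as "(arbitrary?)" and stops at "Yuck!" without saying what follows for the proposal. Item 3 still opens with "if you do that", so the page reads as though user-supplied regexes remain an option. Suggest naming the regex construct that allows embedded Perl expressions, dropping the question mark once that is confirmed, and stating the conclusion outright: user input should be matched as a literal or a glob only, which item 3 already proposes as the default.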