web commit by BrandenRobinson: Explain why letting users specify regexes is bad.

master
www-data 2006-03-17 16:51:14 +00:00
parent b93e189934
commit 2aa5962115
1 changed files with 4 additions and 0 deletions

@ -23,6 +23,10 @@ is built. (As long as all changes to all pages is ok.)
explicitly named pages would be desirable. explicitly named pages would be desirable.
2. I think that since we're using Perl on the backend, being able to 2. I think that since we're using Perl on the backend, being able to
let users craft their own arbitrary regexes would be good. let users craft their own arbitrary regexes would be good.
Joey points out that this is actually a security hole, because Perl
regexes let you embed (arbitrary?) Perl expressions inside them. Yuck!
3. Of course if you do that, you want to have form processing on the user 3. Of course if you do that, you want to have form processing on the user
page that lets them tune it, and probably choose literal or glob by page that lets them tune it, and probably choose literal or glob by
default. default.
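
Review bot: The added sentence under item 2 hedges with "(arbitrary?)" and ends at "Yuck!", so a reader cannot tell how far the hole reaches or what the proposal should do instead. Name the regex construct Joey is referring to, drop the question mark once that is confirmed, and state the outcome for item 2, for example that user-supplied patterns are limited to the literal or glob matching that item 3 already mentions. Item 3 still opens with "Of course if you do that", which now reads as going ahead with arbitrary regexes immediately after they are called a security hole; reword it so it refers to the restricted matching.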