I have heard rumours that Perl 5 is not parseable by any kind of earthly grammar. However, I'm wondering if one could get close, and if anyone has actually tried.

I'm interested in creating a "watered down" Perl environment for web developers. Developers would be able to embed a certain safe subset of Perl in their HTML - the basic control and data structures, without the eval, file I/O, system commands, backticks, etc.

The closest thing I've found, naturally, is the Safe module. I've tried gamely to use it, but it presents a host of problems when used with Mason (and, I expect, other templating systems.) One of the major problems is that once you're inside the safe compartment, everything you call out to (such as useful CPAN modules) is restricted by safe as well.

What I want, instead, is just a black box that I can hand a piece of Perl code and have it say "yes" or "no" indicating whether it is a safe subset of Perl according to my definition in the grammar. Inputs to this black box would, of course, have to include a full list of allowed function and package names.

I'm aware of the great difficulty of trying to parse Perl in its fullness, and I would be willing to sacrafice a fair amount of functionality and syntax in order to get to an actual usable grammar.

Thanks for any advice and pointers.

Jon