Welcome to the Monastery | |
PerlMonks |
Re^2: How can I convert this raw data to a hash?by afoken (Chancellor) |
on Dec 23, 2020 at 11:33 UTC ( [id://11125674]=note: print w/replies, xml ) | Need Help?? |
If you replace : with => (or even a comma), then you'd have PON - Perl Object Notation, also known as actual Perl code. So having that you could then do something silly like prepend our $hash_ref = then string eval or write it to a file then require it: And if - for some nasty reason - the input suddenly contains something like "foo" : `rm -rf /` ("foo" => `rm -rf /` after replacing : with =>), you will learn the hard way why you don't blindly run configuration data as executable code. JSON, JSON::PP, and JSON::XS all treat data as such and do not treat the input as executable code. Hell, you don't even eval() JSON in Javascript - for the same reason. See also:
Alexander
-- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
In Section
Seekers of Perl Wisdom
|
|