go ahead... be a heretic | |
PerlMonks |
Re: Is it safe to use external strings for regexes?by Corion (Patriarch) |
on Oct 06, 2021 at 13:37 UTC ( [id://11137259]=note: print w/replies, xml ) | Need Help?? |
Depending on how nasty your users are, allowing arbitrary regular expressions is an unwise choice. The following regex is valid but will use up lots of CPU:
If you can come up with a whitelist of allowed regexes, that would improve things, or maybe consider running the regex search as a time-limited subprocess.
In Section
Seekers of Perl Wisdom
|
|