in reply to Is it safe to use external strings for regexes?
Depending on how nasty your users are, allowing arbitrary regular expressions is an unwise choice. The following regex is valid but will use up lots of CPU:
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaa" =~ /a*a*a*b/
If you can come up with a whitelist of allowed regexes, that would improve things, or maybe consider running the regex search as a time-limited subprocess.
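The time-limited subprocess suggested above, as an added example that is not part of the original post. `match_with_timeout` and its return strings are hypothetical names, and the code assumes a Unix-like system where `fork` and `alarm` are available.

```perl
use strict;
use warnings;
use POSIX qw(SIGALRM _exit);

# Match an untrusted pattern against $text in a forked child that is killed
# after $seconds of wall-clock time.
# Returns 'match', 'nomatch', 'invalid', 'timeout' or 'error'.
sub match_with_timeout {
    my ($pattern, $text, $seconds) = @_;

    my $pid = fork();
    die "fork failed: $!" unless defined $pid;

    if ($pid == 0) {
        # Child. Keep the default SIGALRM action so the kernel terminates the
        # process even in the middle of a match; a Perl-level handler would
        # only run after the regex op returns.
        $SIG{ALRM} = 'DEFAULT';
        alarm $seconds;
        # Without "use re 'eval'", an interpolated pattern containing
        # (?{ ... }) code blocks fails to compile, so it lands in 'invalid'.
        my $re = eval { qr/$pattern/ };
        _exit(2) unless defined $re;
        _exit($text =~ $re ? 0 : 1);   # _exit skips END blocks and buffer flushes
    }

    # Parent: the child's exit code or terminating signal carries the result.
    waitpid($pid, 0);
    my $status = $?;
    my $signal = $status & 127;
    return 'timeout' if $signal == SIGALRM;
    return 'error'   if $signal;
    my %outcome = (0 => 'match', 1 => 'nomatch', 2 => 'invalid');
    return $outcome{ $status >> 8 } // 'error';
}

# Constructed sample inputs: the pattern from the post, an ordinary one and a broken one.
my $text = 'a' x 29;
for my $pattern ('a*a*a*b', '^a+$', '(unclosed') {
    printf "%-12s %s\n", $pattern, match_with_timeout($pattern, $text, 2);
}
```

The limit is wall-clock time, so it bounds how long a request can occupy a worker but does not cap memory use.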
Re^2: Is it safe to use external strings for regexes?
by stevieb (Canon) on Oct 06, 2021 at 13:44 UTC
by Fletch (Bishop) on Oct 06, 2021 at 17:26 UTC
by stevieb (Canon) on Oct 06, 2021 at 19:40 UTC