Your skill will accomplish what the force of many cannot |
|
PerlMonks |
embedding a safe unescapable mini perl interpreter?by iaw4 (Monk) |
on Dec 30, 2011 at 07:12 UTC ( [id://945608]=perlquestion: print w/replies, xml ) | Need Help?? |
iaw4 has asked for the wisdom of the Perl Monks concerning the following question: I would like to allow my web users to execute little perl calculator programs: they could enter into my webform textarea field something like:
when the user hits submit, my server-side cgi script executes this snippet to learn that the user wanted '61'. later, the server will (eventually) return an html page that says "the result of your program {spit back what the user entered above} is 61." I want to predefine a few functions for the user myself, too, such as squared, cubed, etc., but still allow my own users to define their functions, too. obviously, I do not want my users to inject nasty code, either into the html [I spit back what they entered); or worse, locally escape into my system (via system, backquote, or other nastily crafted entries. so, I need a safe, sanitized subset version of perl that I can execute. I am probably not the first one in need of this, but I was hoping that someone could point me to where this has been put together already. I could live with a non-perl syntax for my users, too, as long as it allows them to define their own functions and is reasonably safe. since my cgi server script is in perl, perl-like syntax may be advantageous. pointers appreciated.
Back to
Seekers of Perl Wisdom
|
|