PerlMonks
Re: Perl data notation
by davido (Cardinal) on Jul 15, 2014 at 14:54 UTC ( [id://1093720]=note )
If by Perl's data notation you mean Data::Dumper type output, that's what Data::Dumper does; it serializes data structures in such a way that they would be perfectly legal as source code. That makes it possible to eval them back to existence.

But consider the implications of string eval: You would be executing your input. In the context of web work, you would be eval'ing (compiling and running) user input! That is the biggest of all possible security risks.

So to do it safely, you would need to come up with a module that parses the input similar to the way in which a JSON parser parses its input, and then returns a living data structure. And by the time you've done that, you may as well just use JSON; a format that everyone knows and understands, with robust parsing solutions available.

Even though JavaScript could "eval" most JSON input, in practice it's not done that way, for the same reason I've described above. Instead, it parses JSON into a data structure using a JSON parser, never actually compiling and executing it.

Dave
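The difference the post above describes, as an added example that is not part of davido's post: the same untrusted text is handed to a string-eval loader and to a JSON parser. The sample inputs are constructed, the names load_with_eval, load_with_json and $ran_code are hypothetical, and JSON::PP (a core module) stands in for any JSON parser.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
use JSON::PP;    # core module since Perl 5.14

our $ran_code = 0;    # harmless marker: set only if the input executes as code

# Constructed sample: a real structure serialized by Data::Dumper.
my $honest = Dumper({ user => 'alice', roles => ['reader'] });

# Constructed sample: text that merely looks like Dumper output. The do {}
# block is ordinary Perl, so a string eval runs it while "loading the data".
my $hostile = q{$VAR1 = { user => 'mallory', roles => [ do { $main::ran_code = 1; 'admin' } ] };};

# Unsafe loader: compiles and executes whatever text it is given.
sub load_with_eval {
    my ($text) = @_;
    my $VAR1;
    eval $text;    # string eval: the input is now program code
    die "eval failed: $@" if $@;
    return $VAR1;
}

# Safe loader: the parser only recognizes JSON grammar and builds data.
# The block eval here is an exception trap, not a string eval.
sub load_with_json {
    my ($text) = @_;
    return eval { JSON::PP->new->decode($text) };    # undef on parse error
}

my $d1 = load_with_eval($honest);
print "eval, honest input:  user=$d1->{user} ran_code=$ran_code\n";

my $d2 = load_with_eval($hostile);
print "eval, hostile input: user=$d2->{user} roles=@{ $d2->{roles} } ran_code=$ran_code\n";

$ran_code = 0;
my $j1 = load_with_json('{"user":"alice","roles":["reader"]}');
print "json, honest input:  user=$j1->{user} ran_code=$ran_code\n";

my $j2 = load_with_json($hostile);
print "json, hostile input: ", (defined $j2 ? "accepted" : "rejected"),
      " ran_code=$ran_code\n";
```

The string-eval loader cannot tell the two inputs apart before running them, while the JSON parser rejects the second input without executing any part of it.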