|XP is just a number|
Re: Parse::RandGen::Regexpby Tanktalus (Canon)
|on Aug 06, 2005 at 16:46 UTC||Need Help??|
There are a number of aspects here. First, your initial problem: the \s. Try escaping the \:
However, then you need to still use the qr operator:
But even that won't work the way you think it will because the leading and trailing delimiters will be treated literally - so the regular expression will match something that has a slash, then a beginning-of-line zero-width assertion, and has a trailing "/smi", literally. You could do something like:
but that's unsafe if you get your regexp from an unsafe source. Then again, if you're getting regexp's from unsafe sources, I'm not sure how easy it is to strip out unsafe aspects of regular expressions which could execute arbitrary perl code during a match.
To remove the eval, you would also have to limit your input to not include the leading/trailing delimiters. Nor would the smi flags be allowed (or they're mandatory). However, even then, the input can still control these flags inside a regular expression:
Note how the \'s aren't escaped here. Because this is data, and not interpreted by perl (until we get to the regular expression handler), we don't need to escape here. Nothing is escapable because nothing is treated as special. Once you've read this in, you can go back to using qr/$regexp/ in your call to the P::RG::R constructor.
Hope this helps.