On 10 Jun 2014, at 09:26, Andrew Beverley <a...@andybev.com> wrote: > > I'm happy to be restrictive to the user, and only allow straightforward > strings in double quotes. So anything else is removed or not allowed, > and the strings in quotes are checked as above. > > I would not be surprised if I've missed something though! > > Andy
I was sort of hoping that the not too subtle hints that using eval is a bad idea would pay off. Apparently not. Perl is quite complicated. You’ll keep missing things until you’re sick of patching security holes. Don’t do it. James