On Thu, Aug 18, 2016 at 10:38:57AM -0400, Brandon Allbery wrote:
> On Thu, Aug 18, 2016 at 9:13 AM, Claudio <perl6-bugs-follo...@perl.org>
> wrote:
>
> > Tools like vim-syntastic and atom use 'perl6-c' (the only valid linter for
> > now) to report syntax errors. Because "perl6 -c" executes code (BEGIN and
> > CHECK blocks as documented), this is a security concern for external code.
>
> The problem is that you probably can't parse the code successfully if you
> can't run BEGIN blocks. While this is currently less true of perl 6 code in
> the wild, it's actually even worse in potential than perl 5's ability to
> mutate its parser because a module can implement entire new languages.
Also, many things in Perl 6 get executed at BEGIN time even if they're
not explicitly in a BEGIN block. Constant and class declarations come
to mind, but I'm sure there are more.
For example:
$ cat xyz.p6
use v6;
say "1: mainline";
constant $a = say "2: constant";
BEGIN { say "3: BEGIN"; }
$ ./perl6 xyz.p6
2: constant
3: BEGIN
1: mainline
Pm
