diff options
author | Joey Hess <joey@gnu.kitenet.net> | 2009-05-18 15:08:49 -0400 |
---|---|---|
committer | Joey Hess <joey@gnu.kitenet.net> | 2009-05-18 15:08:49 -0400 |
commit | 0516ba04d014628be983dbd3e4c28a8f52a2c3e7 (patch) | |
tree | 87ced22c6da29b2e1b367cfbd8ec56585783c16e /doc | |
parent | 59d0c28e8fa2dd9998ee212be36875510fa04f9f (diff) |
analysis
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn index 246cdc421..c03f82907 100644 --- a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn +++ b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn @@ -23,3 +23,18 @@ More tests: [[!inline show="3" feeds="no" archive="yes" pages="*\{*"]] +> This is due to the current handling of quoting and escaping issues +> when converting a pagespec to perl code. `safequote` is used to +> safely quote an input string as a `q{}` quote, and it strips +> curlies when doing so to avoid one being used to break out of the `q{}`. +> +> Alternative ways to handle it would be: +> * Escape curlies. But then you have to deal with backslashes +> in the user's input as they could try to defeat your escaping. +> Gets tricky. +> * Avoid exposing user input to interpolation as a string. One +> way that comes to mind is to have a local string lookup hash, +> and insert each user specified string into it, then use the hash +> to lookup the specified strings at runtime. +> +> --[[Joey]] |