summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn15
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
index 246cdc421..c03f82907 100644
--- a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
+++ b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
@@ -23,3 +23,18 @@ More tests:
[[!inline show="3" feeds="no" archive="yes" pages="*\{*"]]
+> This is due to the current handling of quoting and escaping issues
+> when converting a pagespec to perl code. `safequote` is used to
+> safely quote an input string as a `q{}` quote, and it strips
+> curlies when doing so to avoid one being used to break out of the `q{}`.
+>
+> Alternative ways to handle it would be:
+> * Escape curlies. But then you have to deal with backslashes
+> in the user's input as they could try to defeat your escaping.
+> Gets tricky.
+> * Avoid exposing user input to interpolation as a string. One
+> way that comes to mind is to have a local string lookup hash,
+> and insert each user specified string into it, then use the hash
+> to lookup the specified strings at runtime.
+>
+> --[[Joey]]