
Re: unallowed chars

From: John W. Krahn
Date: March 29, 2002 17:05
Subject: Re: unallowed chars
Message ID: 3CA50F35.487A63C3@acm.org
John wrote:
> 
> John wrote:
> >
> > The incoming e-mail form variables from my web page are vetted through
> > various tests before they're processed. The first thing I do is to translate
> > all "<, >, {, }, [, ]" characters to either "(" or ")", as appropriate. My
> > theory is that I don't want any HTML tags being taken in, and will gladly
> > suffer whatever small degradation which might occur to someone's prose style
> > as a consequence. <g>
> >
> >         $user_body =~ tr/<->/(-)/;
> >         $user_body =~ tr/{-}/(-)/;
> >         $user_body =~ tr/[-]/(-)/;
> 
> You do realize that using a hyphen (-) in a character class creates a
> range of characters.  tr/<->/(-)/ changes '<' to '(', '=' to '-' and '>'
> to ')'.  tr/{-}/(-)/ changes '{' to '(', '|' to '-' and '}' to ')'.
> tr/[-]/(-)/ changes '[' to '(', '\' to '-' and ']' to ')'.
> 
> You raise a good point.
> 
> I wondered about that at the time I wrote the program and ran experiments to
> see if I was getting what I thought I wanted. I don't think my experiments
> were as thorough as they should have been.
> 
> I'd thought the classes I set up, "<->", "{-}", and "[-]", only contained
> the two characters shown. However, I now see on an ASCII chart that there
> are some intervening characters which are included, too. I think I'll go
> back and change the code to be more specific just so I don't leave a hidden
> land mine for myself.
> 
> Thanks for catching that!


Just substitute those three lines with:

        $user_body =~ tr/<{[]}>/((()))/;


John
-- 
use Perl;
program
fulfillment
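
The kind of exhaustive experiment the quoted poster says he should have run, as an added example that is not part of the original message: it feeds every 7-bit ASCII character through the three-line range form and the one-line explicit form and lists what each one actually rewrites. The sub names (`filter_ranges`, `filter_explicit`, `changed_chars`) and the sample string are constructed for this illustration.

```perl
use strict;
use warnings;

# The three-line filter quoted in the thread: each hyphen creates a range.
sub filter_ranges {
    my ($s) = @_;
    $s =~ tr/<->/(-)/;
    $s =~ tr/{-}/(-)/;
    $s =~ tr/[-]/(-)/;
    return $s;
}

# The one-line replacement from the reply: every character listed explicitly.
sub filter_explicit {
    my ($s) = @_;
    $s =~ tr/<{[]}>/((()))/;
    return $s;
}

# Feed every 7-bit ASCII character through a filter, one at a time, and
# return a hash of { input char => output char } for those it rewrites.
sub changed_chars {
    my ($filter) = @_;
    my %changed;
    for my $code (0 .. 127) {
        my $in  = chr $code;
        my $out = $filter->($in);
        $changed{$in} = $out if $out ne $in;
    }
    return \%changed;
}

# Characters the poster meant to translate.
my %intended = map { $_ => 1 } qw( < > { } [ ] );

# Constructed sample body, not taken from the thread.
my $sample = 'x = a | b; path C:\tmp <b>{ok}[1]</b>';

for my $case ([ 'range form', \&filter_ranges ], [ 'explicit form', \&filter_explicit ]) {
    my ($name, $filter) = @$case;
    my $changed = changed_chars($filter);
    my @extra   = grep { !$intended{$_} } sort keys %$changed;
    my @missed  = grep { !exists $changed->{$_} } sort keys %intended;
    print "$name\n";
    print "  rewrites:   ", join(' ', map { "$_=>$changed->{$_}" } sort keys %$changed), "\n";
    print "  unintended: ", (@extra  ? "@extra"  : 'none'), "\n";
    print "  missed:     ", (@missed ? "@missed" : 'none'), "\n";
    print "  sample:     ", $filter->($sample), "\n";
}
```

The "unintended" line for the range form shows the extra characters swept in by the hyphen; for the explicit form both "unintended" and "missed" should read `none`.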
