develooper Front page | perl.perl5.porters | Postings from February 2019

Re: Comment: Restricting POSIX character classes to ASCII

Thread Previous
From:
Karl Williamson
Date:
February 16, 2019 16:31
Subject:
Re: Comment: Restricting POSIX character classes to ASCII
Message ID:
26dfa059-b537-614e-9c60-9685a13acd61@khwilliamson.com
On 1/21/19 12:02 PM, Thomas (HFM) Wyant wrote:
> Dear Perl Porters,
> 
> 
> While researching correspondence re my recent blog post on sanitizing 
> numeric input 
> (http://blogs.perl.org/users/tom_wyant/2019/01/untrusted-numeric-input.html) 
> I discovered the following in perlrecharclass as the last paragraph in 
> "POSIX Character Classes":
> 
> 
> It is proposed to change this behavior in a future release of Perl so that
> whether or not Unicode rules are in effect would not change the behavior:
> Outside of locale, the POSIX classes would behave like their ASCII-range
> counterparts. If you wish to comment on this proposal, send email to
> "perl5-porters@perl.org".
> 
> 
> In response to this offer, I would like to share the following thoughts:
> 
> 
> * Is this still the plan? If this is no longer the plan, the paragraph 
> should be removed. If it is still the plan, I believe more publicity 
> would be helpful -- say, on https://www.perl.com/. I was able to track 
> this paragraph as far back as Perl 5.14.0, May 2011, so if it is still 
> the plan it has been hanging fire for almost 8 years.

This is not the plan anymore, and I have removed the paragraph in 
4f5c9941bb6f93a967e4cc3ef19c9d39351f0ad3
> 
> 
> * I would prefer that the referred-to change NOT be made. We already 
> have a good half-dozen ways to deal with the "restrict to ASCII range" 
> problem, most of which are Perl-version-dependent. The justification for 
> adding yet another is unclear to me. Specifically, what does it get me 
> that 'use re /a;' (introduced in 5.13.10) does not?
> 
> 
> * If there are compelling reasons to pursue this, I would appreciate it 
> if those reasons were made explicit.
> 
> 
> * If this change is pursued, please try to do it in a way that minimizes 
> the need for Perl code to be aware of the version of Perl it runs under. 
> This seems to me to mean tying it to 'use 5.xxxx;', but there may well 
> be better ways.
> 
> 
> With thanks for shepherding Perl into its 4th decade (!!!)
> 
> 
> Tom Wyant
> 

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About