develooper Front page | perl.perl6.compiler | Postings from July 2016

[perl #128684] .EVAL as a method call bypasses theMONKEY-SEE-NO-EVAL pragma

From:
Zoffix Znet
Date:
July 20, 2016 19:36
Subject:
[perl #128684] .EVAL as a method call bypasses theMONKEY-SEE-NO-EVAL pragma
Message ID:
rt-4.0.18-14931-1469043370-363.128684-82-0@perl.org
# New Ticket Created by  Zoffix Znet 
# Please include the string:  [perl #128684]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=128684 >


The EVAL as a sub shows an error message about MONKEY-SEE-NO-EVAL:

m: my $x = 'say "hello"'; EVAL "$x"
rakudo-moar 58dc8c: OUTPUT«===SORRY!=== Error while compiling <tmp>␤EVAL is a very dangerous function!!! (use MONKEY-SEE-NO-EVAL to override,␤but only if you're VERY sure your data contains no injection attacks)␤at <tmp>:1␤------> my $x = 'say "hello"'; EVAL "$x"…»

However, if the method form of EVAL is used, no such error is generated:
m: my $x = 'say "hello"'; "$x".EVAL
rakudo-moar 58dc8c: OUTPUT«hello␤»

Expected behaviour: both versions show the error.



-- 
Cheers,
ZZ | https://twitter.com/zoffix



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About