analysis

author Joey Hess <joey@gnu.kitenet.net>

Mon, 18 May 2009 19:08:49 +0000 (15:08 -0400)

committer Joey Hess <joey@gnu.kitenet.net>

Mon, 18 May 2009 19:08:49 +0000 (15:08 -0400)
author Joey Hess <joey@gnu.kitenet.net>
Mon, 18 May 2009 19:08:49 +0000 (15:08 -0400)
committer Joey Hess <joey@gnu.kitenet.net>
Mon, 18 May 2009 19:08:49 +0000 (15:08 -0400)
diff --git a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn

index 246cdc421054a0fab9e39a97e720f6e927bee334..c03f8290767b9c2c03e55e51be1078c23e1cb712 100644 (file)
--- a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
+++ b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
@@ -23,3 +23,18 @@ More tests:
  
  [[!inline show="3" feeds="no" archive="yes" pages="*\{*"]]
  
+> This is due to the current handling of quoting and escaping issues
+> when converting a pagespec to perl code. `safequote` is used to
+> safely quote an input string as a `q{}` quote, and it strips
+> curlies when doing so to avoid one being used to break out of the `q{}`.
+> 
+> Alternative ways to handle it would be:
+> * Escape curlies. But then you have to deal with backslashes
+>   in the user's input as they could try to defeat your escaping.
+>   Gets tricky.
+> * Avoid exposing user input to interpolation as a string. One
+>   way that comes to mind is to have a local string lookup hash,
+>   and insert each user specified string into it, then use the hash
+>   to lookup the specified strings at runtime.
+> 
+> --[[Joey]]
author	Joey Hess <joey@gnu.kitenet.net>
	Mon, 18 May 2009 19:08:49 +0000 (15:08 -0400)
committer	Joey Hess <joey@gnu.kitenet.net>
	Mon, 18 May 2009 19:08:49 +0000 (15:08 -0400)