@tripleo #Perl’s “sharp edges” are mainly early syntax and features that later experience with large and networked #programming found dangerous, but are preserved for backward (and we do mean “backward”) compatibility.
See the details of the strict and warnings pragmas, and successively missing items in feature bundles:
@tripleo I would also be remiss not to mention #Perl's included perltrap manual page, which notes both the strict and warnings pragmas and also has nice lists of things for those coming from other #programming languages and tools like #AWK, #C and #CPlusPlus, #JavaScript, #sed, and #shell.
Ok, I just read it, and the actual question is what is the function (keyword) that takes unsanitized input and lets the interpreter know that it's ok to trust it?
@tripleo You’re thinking of #Perl’s “taint mode” (stop your teenage giggling), where outside data is untrusted unless it’s the extracted subpattern match in a #RegularExpression.
@tripleo You could use #Perl's taint mode for web inputs, but that’s a big performance-reducing hammer affecting everything outside your program: command line arguments, environment variables, locale, file input, certain system calls, etc. It also breaks many #CPAN modules, including popular web application frameworks.
There's no one-size-fits-all solution, so use whatever’s appropriate for your web input. Start with @owasp’s Top 10: https://OWASP.org/www-project-top-ten/
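Added example, not part of any post in this thread: a small Perl script showing the taint-mode behaviour described above, where only a regex capture group yields untainted data, next to the catch-all pattern that defeats the check. The function names, the username rule and the sample inputs are constructed for illustration; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string: appending it marks the constructed samples
# below as outside data, the way @ARGV or form parameters would be.
my $TAINT = substr("$0$^X", 0, 0);

# Hypothetical validator: allow-list pattern for a short lowercase username.
# The capture ($1) is the only untainted copy of the data.
sub untaint_username {
    my ($raw) = @_;
    return $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/ ? $1 : undef;
}

# Anti-pattern: (.*) matches anything, so the taint flag is cleared
# without the value ever being validated.
sub launder_blindly {
    my ($raw) = @_;
    return $raw =~ /\A(.*)\z/s ? $1 : undef;
}

sub flag { return tainted($_[0]) ? 'tainted' : 'untainted' }

for my $sample ('alice', 'bob; echo x', '../../etc/passwd') {  # constructed inputs
    my $input  = $sample . $TAINT;
    my $strict = untaint_username($input);
    my $blind  = launder_blindly($input);
    printf "%-20s input=%s strict=%s blind=%s\n", "'$sample'", flag($input),
        defined $strict ? flag($strict) : 'rejected',
        defined $blind  ? flag($blind) . ' (unchecked!)' : 'rejected';
}

# Taint mode refuses to hand tainted data to a command; the eval catches
# the fatal "Insecure dependency" error so the script can report it.
$ENV{PATH} = '/usr/bin:/bin';               # a fixed PATH is also required
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
my $ran = eval { system('/bin/echo', 'alice' . $TAINT); 1 };
print "system() with tainted argument: ", ($ran ? "ran\n" : "blocked: $@");
```

The allow-list pattern rejects the second and third samples outright, while the catch-all pattern returns all three as untainted, which is why the quality of the untainting regex matters more than the mere presence of `-T`.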
@tripleo If you want decent integration with 3rd party stuff (google APIs, amazon, etc...) you may need to write your own client stuff as most big service providers seem to have forgotten that #Perl exists
@leonerd @tripleo I can only confirm this, even if currently FFI support does allow binding #Perl to C/C++ quite easily. I find the general situation much better of other seasoned languages such as #Tcl or #Lisp, instead.