Health Warning
- Using eval() on data that comes from outside your program will seriously damage your security
- Do not use it unless the template comes from
- Within your program
- A file considered part of your program source from the point of view of security
- A user who has shell access anyhow (not in SUID scripts)
- You have to be really sure the above will always be true
my $evil_data='Ha ha ha... @{[ system "rm -rf /" ]}';
- Also note that mixing your code and data namespaces is ugly for reasons I can't afford to go into
next