Health Warning

• Using eval() on data that comes from outside your program will seriously damage your security
• Do not use it unless the template comes from
  • Within your program
  • A file considered part of your program source from the point of view of security
  • A user who has shell access anyhow (not in SUID scripts)
• You have to be really sure the above will always be true

my $evil_data='Ha ha ha... @{[ system "rm -rf /" ]}';

• Also note that mixing your code and data namespaces is ugly for reasons I can't afford to go into

next