This pragma controls the use of regular expressions. It has four
possible invocations: "taint" and "eval", which are lexically scoped,
plus "debug" and "debugcolor", which aren't.

    use re 'taint';
    # Contents of $match are tainted if $dirty was also tainted.
    ($match) = ($dirty =~ /^(.*)$/s);

    # Allow code interpolation:
    use re 'eval';
    $pat = '(?{ $var = 1 })';   # embedded code execution
    /alpha${pat}omega/;         # won't fail unless under -T
                                # and $pat is tainted

    use re 'debug';             # like "perl -Dr"
    /^(.*)$/s;                  # output debugging info during
                                # compile time and run time

    use re 'debugcolor';        # same as 'debug',
                                # but with colored output

When use re 'taint' is in effect and a tainted string is the target
of a regex, the numbered regex variables and values returned by the
m// operator in list context are all tainted. This is useful when
regex operations on tainted data aren't meant to extract safe
substrings, but to perform other transformations. See the discussion
on tainting in Chapter 23.
When use re 'eval' is in effect, a regex is allowed to contain
assertions that execute Perl code, which are of the form (?{ … }),
even when the regex contains interpolated variables. Execution of
code segments resulting from variable interpolation into a regex is
normally disallowed for security reasons: you don't want programs
that read patterns from config files, command-line arguments, or CGI
form fields to suddenly start executing arbitrary code if they weren't
designed to expect this possibility. This use of the pragma allows
only untainted strings to be interpolated; tainted data will still
cause an exception to be raised (if you're running with taint checks
enabled). See also Chapter 5 and Chapter 23.
For the purposes of this pragma, interpolation of precompiled
regular expressions (produced by the qr// operator) is not considered
variable interpolation. Nevertheless, when you build the qr// pattern
it needs to have use re 'eval' in effect if any of its interpolated
strings contain code assertions. For example:

    $code = '(?{ $n++ })';      # code assertion
    $str = 'w+' . $code;        # build string to interpolate

    $line =~ /$str/;            # this needs use re 'eval'

    $pat = qr/$str/;            # this also needs use re 'eval'
    $line =~ /$pat/;            # but this doesn't need use re 'eval'

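The default refusal described above can be observed directly. The following script is an added example, not code from the book; compile_untrusted, $ran, and the sample pattern strings are hypothetical names and constructed inputs chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our $ran = 0;    # set to 1 only if the code assertion actually executes

# Hypothetical helper: compile a pattern string that came from outside the
# program (config file, command line, form field). No "use re 'eval'" is in
# scope here, so Perl refuses any (?{ ... }) that arrives via interpolation.
sub compile_untrusted {
    my ($text) = @_;
    my $re = eval { qr/$text/ };       # dies on an interpolated code assertion
    return (undef, $@) unless defined $re;
    return ($re, '');
}

# Constructed sample inputs.
my $plain    = 'alpha\d+omega';                     # ordinary pattern
my $with_code = 'alpha(?{ $main::ran = 1 })omega';  # carries a code assertion

for my $p ($plain, $with_code) {
    my ($re, $err) = compile_untrusted($p);
    if ($re) {
        my $hit = 'alpha42omega' =~ $re ? 'yes' : 'no';
        print "accepted: $p (matches alpha42omega: $hit)\n";
    }
    else {
        print "rejected: $p\n    $err";
    }
}
print "code assertion executed so far: ", ($ran ? 'yes' : 'no'), "\n";

# The same string compiled where the pragma is lexically in effect. Only do
# this for pattern text the program itself controls.
{
    use re 'eval';
    my $re = qr/$with_code/;
    'alphaomega' =~ $re;
}
print "code assertion executed inside use re 'eval' block: ",
    ($ran ? 'yes' : 'no'), "\n";
```

Because the pragma is lexically scoped, confining use re 'eval' to the smallest block that builds a trusted pattern keeps the refusal in force everywhere else in the file.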
Under use re 'debug', Perl emits debugging messages when compiling
and when executing regular expressions. The output is the same as that
obtained by running a "debugging Perl" (one compiled with -DDEBUGGING
passed to the C compiler) and then executing your Perl program under
Perl's -Dr command-line switch. Depending on how complicated your
pattern is, the resulting output can be overwhelming. Calling
use re 'debugcolor' enables more colorful output that can be useful,
provided your terminal understands color sequences. Set your
PERL_RE_TC environment variable to a comma-separated list of relevant
termcap(5) properties for highlighting. For more details, see
Chapter 20.