Comments:
<0> he implemented it, based on suggestions I made
<1> b_jonas: they say "It's a kludge, but it works."
<2> sure
<1> b_jonas: MJD says in "12 Faces of MJD" that the comp.lang.lisp people mention Perl much more than the comp.lang.python people mention it.
<1> b_jonas: http://perl.plover.com/yak/12views/samples/notes.html
<1> perlbot: mjd 12
<1> perlbot: mjd 12 is http://perl.plover.com/yak/12views/samples/notes.html
<3> added mjd 12 to the database
<4> Has anyone ever written a browser in perl?
<1> AI_coder: I think there are a few web-browsers written in Perl.
<1> AI_coder: nothing to match Firefox, but still.
<1> AI_coder: it probably won't be very hard to get to a basic one.
<2> in fact basic print knew more: "print foo;bar" added nothing between foo and bar, "print foo,bar" added a tab
<1> But getting the HTML/XHTML, CSS, JS, etc. right would be a bitch.
<1> b_jonas: I see.
<4> rindolf: Yeah, the js would be the toughest part.
<1> One of the reasons I like Perl is that it has a little of a BASIC feel to it.
<4> images, css, html would be fairly trivial however.
<1> AI_coder: CSS is also a bitch to get right.
<1> AI_coder: there's Spidermonkey which is a JS interpreter in Perl.
<5> rindolf: it's not only the feel
<4> rindolf: How so? It's pretty clear and simple, borders, alignment, margins, positions.
<2> the joe editor also has an interesting use for the comma: in the config file when you write macros, the commands are joined with commas, but a trailing comma means that the definition continues on the next line
<1> And Mozilla also has a reusable JS interpreter.
<1> Harzilein: yes.
<4> rindolf: I was thinking of putting a perl interpreter in the browser.
<6> huhu, vim has reverse line continuation
<4> <script type="text/perl">
<1> "A good Fortran programmer can write good fortran in any programming language."
<0> there's a simple web browser in the perl-Tk distro
<1> AI_coder: that would be nice.
<2> but that's a really brain-dead language, joe config files. a line starting with whitespace is taken as a comment.
<1> AI_coder: someone started working on doing it for Python in Mozilla.
<5> rindolf: i was shown that i can assign to the substr function just like it worked with left$
<2> ah, yes
<1> AI_coder: I think they'll also be happy to have Perl too, but embedding Perl is not a small problem.
<2> except it's mid$
<7> hey everyone
<4> rindolf: I suppose dom could be a bitch.
<7> what's the best way to untaint an email address?
<0> probably about a bot.
<8> merlyn lol
<0> what does "untaint" mean?
<0> in this context?
<5> b_jonas: left$, right$, mid$, the example i gave was left$
<8> merlyn you don't like bot?
<1> AI_coder: I still don't know the Perl XS and embedding too well. I sort of hack and copy and paste when I need to (which is rarely).
<1> AI_coder: there's a good book about it from Manning.
<1> perlbot: E&EP
<3> Extending and Embedding Perl - http://www.manning.com/jenness/
<0> an email address can have *any* char in it. so just don't use it unsafely
<1> Harzilein: substr is more flexible than mid with all the negative indices.
<0> never put it near a shell command line
<0> or a filename
<7> merlyn, well, I have taint mode on, and I'm accepting an email address from a form on a website. So I want to make sure the user doesn't try to submit anything stupid (like perl code or something).
<0> just what I just said
<0> "print 'hello'"@stonehenge.com is a valid email address
<0> you cannot reject that
<6> haha, I bet there are perl programs that are valid mail addresses
<1> Wyleyrabbit: CGI::escapeHTML, use $dbh->quote()
<0> so just be very safe about how you handle it
<1> Wyleyrabbit: or alternatively placeholders.
<0> right
<0> use placeholders, and keep it away from shell and filenames
<7> merlyn, only thing I'm doing with it is emailing it to someone.
<7> within the body of a message
<0> then you're safe
<6> (print "Hello, world\n")*@example.com
<0> because there it's just data
<6> I think that's valid
<1> Wyleyrabbit: there's also a shell escape module on CPAN. By Roderick.
<5> rindolf: it wasn't about the capabilities it was about using substr on the lhs to assign to a substring
<0> Yeah, that's valid
<1> Harzilein: yes, I know.
<0> merlyn@(print "hello")stonehenge.com
<1> Harzilein: I didn't recall that BASIC had that.
<7> yer kidding, right? You could have a hello world script as an email???
<0> Wyleyrabbit yes
<6> eval: merlyn@(print "hello")stonehenge.com
<0> that's why we keep saying YOU CANNOT UNTAINT THEM
<9> mauke: Error: syntax error at (eval 162) line 15, near "#line 1 eval merlyn@(" Array found where operator expected at (eval 162) line 15, at end of line (Missing operator before ?) Bareword fo
<10> Wyleyrabbit: The cheap way to untaint something is to do: ($x) = ($x =~ /(.*)/s)
<6> merlyn: doesn't parse :(
<0> just treat them as dangerous
<1> Wyleyrabbit: there's also CGI::Untaint, IIRC.
<0> but no point in untainting
<0> that's actually dangerous
<0> and CGI::Untaint is *evil*
<5> rindolf: not all flavours have it (and i don't have the ansi standard), i had to search a bit before i found that yabasic supports it
<0> dammit - you cannot *generally* untaint things
<10> I didn't say it was safe. I said it was cheap.
<1> Harzilein: OK.
<0> the point of untainting is to get you to THNK
<5> rindolf: commodore basic v2 had it %-)
<0> THINK
<0> as in THINK about the fact that this is dangerous code
<1> Harzilein: now there's going to be Visual Basic 9 with XML embedding etc. audreyt gave a talk about it in OSDC::Israel::2006.
<0> people who untaint are like SUV drivers that go 60 in the snow because "they're safe with 4-wheel drive"
<1> Harzilein: yeah, OK.
<2> Harzilein: yes, but I think you can only assign to mid$
<10> haha
<2> not the other two
<0> it's a complete misuse of what tainting is for
<1> Harzilein: from what I understood, the BASIC was the OS of the Commodore 64/128.
<11> THIMK
<2> rindolf: yes it was
<1> Harzilein: sort of like the LISP machine only with a lamer language.
<5> rindolf: well, at least it was its user interface
<1> beth has pictured a LISP machine on her blog.
<10> say what?
<11> rindolf: lisp machines were very cool in comparison to something like the Commodore
<1> cfedde: yeah. They also cost appropriately.
<10> Lithp Mathineth
<5> cfedde: hmm... but there's no lisp machine demoscene, where for the c64 there is ;)
<1> Lips machine.
<11> Harzilein: depends on the circles you ran in.
<1> Lips Jagger.
<2> I doubt there would be so many good games for the lisp machine than for commodore
<12> how do I find the closest cpan repository? is there an automation tool?
<1> b_jonas: yeah.
<11> were there good games for the commodore? I remember there being lots of games. But none of them were good.
<1> Great! No search - http://blog.loxosceles.org/
<12> cfedde: I liked James Bond...
<2> and which lisp machine could be plugged to a _color_ tv?
<12> cfedde: and some text adventures
<1> cfedde: there were lots of good games for the PC.
<5> cfedde: you bet. zak mccracken, commando, bubble bobble, giana sisters...
<1> cfedde: adventure games, puzzle games and stuff.
<0> & fetching food
<12> cfedde: But I had an Apple IIe personally, and I played Robotron and some Sierra adventures ;-)
<1> cfedde: the graphic was not as attractive as today's games, but they were excellent.
<1> cfedde: I didn't play the Commodore 64.
<4> rindolf: I grew up on the commodore.
<1> cfedde: http://www.logicmazes.com/s7g2k/video.html
<1> AI_coder: OK.
<1> AI_coder: well, my first real computer was an 8088 XT with two floppies and no hard disk.
<4> I forgot the games I used to play, but I'd show them off to my nintendo playing friends after we loaded them off of a data cassette.
<1> AI_coder: heh, yes I remember them cassettes.
<11> that was one of the advantages of the cartridge boxes over the "computers" those cassettes were lameo
<1> They were Standard audio cassettes. You could copy them using a double-deck tape.
<2> I sometimes read the thread "http://www.perlmonks.com/?node_id=271255" if I want nostalgia like this
<10> rindolf: hehe
<8> can i use two and with DBI like WHERE id = ? AND name = ? AND level = ?
<1> I used 5.25" floppies.
<11> 2400baud audio encoding iirc.
<1> First 320 KB, then 1.2 MB.
<10> trombone: sure
<8> thx