Message189405
| Author |
gregory.p.smith |
| Recipients |
aaronsw, gregory.p.smith, josiahcarlson, mark.dickinson, mrabarnett, pitrou, rsc, schmir, terry.reedy, timehorse, witten, yarkot |
| Date |
2013年05月16日.20:27:53 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1368736073.89.0.757133461743.issue1662581@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
The recommendation for anyone using regular expressions on hostile input is to (a) don't do that. (b) use a better regexp without this possible behavior and (c) use something like re2 (there's a Python binding at https://github.com/axiak/pyre2) which is a regular expression engine that this cannot happen to.
fixing this within python requires a complete rewrite and replacement of the re module with one that uses a different approach. see the other work on the MRAB regex module and discussion surrounding that. that is a non trivial task and it is fixing other more important things (unicode correctness!) than this...
Given that, I don't actually expect this issue to ever be fixed.
IMNSHO: People shouldn't abuse regexes and get themselves into this situation in the first place. ;)
discussion should really happen on python-ideas. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2013年05月16日 20:27:53 | gregory.p.smith | set | recipients:
+ gregory.p.smith, aaronsw, terry.reedy, josiahcarlson, mark.dickinson, pitrou, rsc, timehorse, schmir, mrabarnett, yarkot, witten |
| 2013年05月16日 20:27:53 | gregory.p.smith | set | messageid: <1368736073.89.0.757133461743.issue1662581@psf.upfronthosting.co.za> |
| 2013年05月16日 20:27:53 | gregory.p.smith | link | issue1662581 messages |
| 2013年05月16日 20:27:53 | gregory.p.smith | create |
|