Hi --

On Thu, 22 May 2003, Brian Candler wrote:

> There was a discussion a few weeks back about Ruby's handling of ^
> and $ in regexps, and I have realised what made me so uncomfortable
> with it. I'm used to matching strings on /^...$/ to mean "match
> exactly this", and it doesn't work. In fact it could lead to very
> nasty security holes. Consider this example:

But... but... it's not like it's being kept a secret :-)  I guess
different regex systems do this differently.  sed, for example, treats
^...$ linewise, not stringwise:

  $ echo -e 'abc\ndef' | sed -e 's/^def$/ghi/'
  abc
  ghi

whereas Perl requires the /m modifier.  So there isn't already one
universal syntax outside of Ruby; there's always the need to adjust to
each language's view of things.  I refuse to cast Ruby as the villain
of the piece :-)

> [...]
>       str.untaint if str =~ /\A[a-z0-9]+\z/
>
> The asymmetry between \A and \z is annoying (I have to keep looking
> it up to remember which one is capital and which is lower-case), and
> it leaves regular expressions looking a lot less readable.

You can probably use \Z in most cases; the only difference between \z
and \Z is that \Z anchors before a trailing newline, if there is one.


David

-- 
David Alan Black
home: dblack / superlink.net
work: blackdav / shu.edu
Web:  http://pirate.shu.edu/~blackdav
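
The anchor behaviours discussed in this message, side by side, as an added example that is not part of the original e-mail. The sample strings and the helper names accepted_by and validated are constructed for illustration.

```ruby
# Added illustration; every sample string here is constructed.
# Same character class, three anchor styles.
ANCHORS = {
  line:     /^[a-z0-9]+$/,     # ^ and $ match at any line boundary
  string_Z: /\A[a-z0-9]+\Z/,   # \Z also matches before one final newline
  string_z: /\A[a-z0-9]+\z/    # \z matches only at the very end
}.freeze

SAMPLES = [
  "abc123",               # clean value
  "abc123\n",             # clean value plus trailing newline
  "abc123\nnot valid!",   # valid first line, other content after it
  "not valid!\nabc123"    # other content first, valid last line
].freeze

# Names of the anchor styles that accept +str+.
def accepted_by(str)
  ANCHORS.select { |_name, re| re.match?(str) }.keys
end

# Whole-string validation: returns the value or nil.
def validated(str)
  str if ANCHORS[:string_z].match?(str)
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts format("%-24s accepted by %s", s.inspect, accepted_by(s).inspect)
  end
end
```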