repo_atom: add comments around string eval usage

Readers unfamiliar with the code may see a code injection
vulnerability here, so try to reassure them that we're using
`--perl'-escaped output from git-for-each-ref(1) that ought
to be safe to run through `eval'.

diff --git a/lib/PublicInbox/RepoAtom.pm b/lib/PublicInbox/RepoAtom.pm
index eb0ed3c7786dc9c166055246c7ca833256aeab34..2e5c3d7649ce647a059c310425e3f48023fd70d9 100644 (file)
--- a/lib/PublicInbox/RepoAtom.pm
+++ b/lib/PublicInbox/RepoAtom.pm
@@ -52,8 +52,8 @@ sub translate {
        while ($lbuf =~ s/\A([^\0]+)\0\n//s) {
                utf8_maybe($bdy = $1);
                if ($is_tag) {
-                       my %r;
-                       eval "$bdy";
+                       my %r; # filled by eval:
+                       eval "$bdy"; # `git for-each-ref --perl' output
                        for (qw(contents:subject contents:body)) {
                                $r{$_} =~ /\S/ or delete($r{$_})
                        }