PerlMonks

Module to filter user-input HTML text for security?

by u914 (Pilgrim) on Jul 17, 2004 at 09:59 UTC ( [id://375217]=perlquestion )
u914 has asked for the wisdom of the Perl Monks concerning the following question:
Hello Monks,
I've trolled around Search, Super Search, http://perlmonks.thepen.com and CPAN's HTML section looking for a nice way to take web-input data and filter it for broken and/or potentially harmful things. HTML::QuickCheck looks close, but only parses for correct HTML, and was last updated in 1995.

update: using cpan.uwinnipeg.ca is not the best idea, as it seems rather out of date.

Alas, no luck.

I'm using blosxom and would like to use the comments plugin, but it is heinously insecure in that it accepts any old text and will then post it to the blogpage... I'm concerned about SSI, bad/unclosed HTML tags, cross-site scripting (XSS) attacks and so forth... The HTML-QuickCheck module addresses some of this, and I could use a regex to filter HTML comments and PHP include tags and so forth, but I suspect someone has already built this wheel.

Recommendations?

UPDATE: I found my own answer while checking the CPAN link above.... HTML::CGIChecker. I'm going to post this anyhow, so others can see it, and for the next schlub who searches here for help on securing blosxom, may (s)he find it early!

update2: using cpan.uwinnipeg.ca is not the best idea, as it seems rather out of date.
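An added example, not part of the original post and not the code of HTML::CGIChecker or the blosxom comments plugin: one way to handle the concerns listed in the question (SSI, PHP tags, scripts, unclosed tags) is to entity-escape the whole comment and then re-enable only a short allowlist of attribute-free tags, rather than trying to strip bad constructs with a regex. The function name `sanitize_comment`, the tag allowlist and the sample comment are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist: tags a commenter may use. They are restored only in
# their bare form, so no attributes (href, style, on* handlers) can survive.
my %ALLOWED = map { $_ => 1 } qw(b i em strong code pre blockquote);

sub sanitize_comment {
    my ($text) = @_;
    return '' unless defined $text;

    # 1. Escape every markup-significant character in a single pass. After
    #    this nothing in the input can open a tag, an SSI directive
    #    (<!--#...-->) or a <?php block, and '&' is never double-escaped.
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$ent{$1}/g;

    # 2. Re-enable only bare allowlisted tags, tracking which are open so
    #    stray or mis-nested close tags stay escaped.
    my @open;
    my $restore = sub {
        my ($close, $name) = @_;
        my $tag = lc $name;
        return "&lt;$close$name&gt;" unless $ALLOWED{$tag};
        if (!$close) { push @open, $tag; return "<$tag>" }
        if (@open && $open[-1] eq $tag) { pop @open; return "</$tag>" }
        return "&lt;/$name&gt;";
    };
    $text =~ s{&lt;(/?)([A-Za-z]+)&gt;}{ $restore->($1, $2) }ge;

    # 3. Close whatever the commenter left open, innermost first, so an
    #    unclosed tag cannot restyle the rest of the page.
    $text .= "</$_>" for reverse @open;
    return $text;
}

# Constructed sample comment: SSI directive, script tag, PHP tag, unclosed <b>.
my $sample = qq{Nice post! <!--#include virtual="/footer.html" --> }
           . qq{<script>alert(1)</script> <?php x(); ?> <b>bold <i>text</i>};
print sanitize_comment($sample), "\n";
```

The output is only safe to place in an HTML element body; text written into an attribute value or a script block needs escaping appropriate to that context.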