I ended up using what ikegami sugested + whitelist of allowed charactes in the fields. I needed to encode them since I print that back (HTML::FillInForm) together with error messages.
in reply to Preventing XSS
So in Data::FormValidator I created additional constraints such as that ordinary fields should contain alphanums, underscore, minus, space and dot. Email obviosly takes out space and adds @, while URL's add : and /
Have you tried freelancing? Check out Scriptlance
- I work there. For more info about Scriptlance and freelancing in general check out my home node