PerlMonks
Is the force_untaint option in HTML::Template overkill?
by SilasTheMonk (Chaplain) on Sep 14, 2008 at 00:39 UTC ( [id://711204]=perlquestion )
SilasTheMonk has asked for the wisdom of the Perl Monks concerning the following question:
It's off by default and I turned it on by overriding load_tmpl in CGI::Application, on the principle that one had better be safe than sorry. I am finding, however, that I am spending a lot of time untainting stuff that ought to be secure, just so I can put it into HTML::Template.
Update: I have tried to reformulate this question here.