Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re: XSS protection in CGI::Application

by skx (Parson)
on Mar 02, 2010 at 19:30 UTC ( #826239=note: print w/ replies, xml ) Need Help??


in reply to XSS protection in CGI::Application

The way I'd solve this is to explicitly catch an unknown mode via:

my $self = shift; $self->run_modes( # default 'index' => 'index', # user's tag cloud 'tag_cloud' => 'tag_cloud', 'edit_tags' => 'edit_tags', 'tag_find' => 'tag_find', .. # called on unknown mode. 'AUTOLOAD' => 'unknown_mode', );

In your unknown mode you can then handle it as you wish - without echoing the mode back to the client and potentially allowing an XSS attack.

My own method is generally:

sub unknown_mode { my ( $self, $requested ) = (@_); my $q = $self->query(); my $session = $self->param('session'); my $username = $session->param('logged_in'); $requested = HTML::Entities::encode_entities($requested); if ( defined($username) && length($username) ) { return "<p>unknown mode '$requested' for logged in user $usern +ame</p>"; } else { return "<p>Unknown mode '$requested' for anonymous user.</p>"; } }

Obviously the username section is specific to the sites I design .. but the idea of handling the unknown mode yourself should be simple enough to understand?

Steve
--


Comment on Re: XSS protection in CGI::Application
Select or Download Code
Re^2: XSS protection in CGI::Application
by srdst13 (Pilgrim) on Mar 02, 2010 at 19:54 UTC

    This worked as expected. Thanks for the help.

    Sean

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://826239]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (10)
As of 2014-12-18 10:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (49 votes), past polls