Problems? Is your data what you think it is? | |
PerlMonks |
Re^5: BBCode Parser in Perlby tinita (Parson) |
on Feb 08, 2011 at 11:53 UTC ( [id://886933]=note: print w/replies, xml ) | Need Help?? |
it's maybe a good idea if I just allow either proto:// or links starting with a slash. but your example does not do anything in my browsers (opera and iceweasel 3). if I enter 	 (maybe RT did some double escaping to the bug report?) it will be escaped to &#x09; If I enter tab or carriage return directly yes I get <a href="jav ascript:alert(String.fromCharCode(88,83,83))". but opera and iceweasel do nothing. maybe my browsers are too new. are there browsers that interpret that as valid javascript? oh, I guess MSIE could do. I never test it since I don't have windows here. I think I tested some javascript with newlines in it someday, but I guess I didn't expect that it would really still work in MSIE. Now, was it so difficult to finally tell me? update: oh, and by the way, I just looked at your suggested regex: $var =~ m{\A\w+://|/}i you'd need to put some parentheses around that after the \A (or repeat the \A before the slash). otherwise anything that has a slash in it will match.
In Section
Meditations
|
|