PerlMonks
Re: Best Module for Cross-Site Scripting? by rowdog (Curate)
on Aug 19, 2010 at 11:13 UTC ([id://855999])
You should be able to clean up the tags with one of the tidy or lint modules. As for avoiding JavaScript injection, my advice would be to skip HTML altogether and let the users use something like BBCode instead. You will also want to run the user input through something like HTML::Entities to escape any attempts at markup. Please be careful; it's very easy to screw up this kind of code with one little mistake.
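An added example, not part of rowdog's post: one way to combine the two suggestions above, escaping all user input with HTML::Entities and then translating a small BBCode allowlist into HTML. The function name bbcode_to_html, the chosen tag set and the sample strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities);

# Hypothetical helper (not from the post): render a small BBCode subset
# to HTML. All user text is entity-escaped first, so the only markup in
# the output is what this function emits itself.
sub bbcode_to_html {
    my ($input) = @_;

    # Escape the five HTML-significant characters before anything else.
    my $html = encode_entities($input, q{<>&"'});

    # Paired formatting tags from a fixed allowlist; unknown or
    # unbalanced tags stay as inert escaped text.
    my %simple = (b => 'strong', i => 'em', u => 'u');
    for my $tag (sort keys %simple) {
        my $el = $simple{$tag};
        $html =~ s{\[$tag\](.*?)\[/$tag\]}{<$el>$1</$el>}gis;
    }

    # [url=...]text[/url]: accept only http(s) targets, so schemes such
    # as javascript: never reach an href attribute.
    $html =~ s{\[url=(https?://[^\]\s]+)\](.*?)\[/url\]}
              {<a href="$1" rel="nofollow">$2</a>}gis;

    return $html;
}

# Constructed sample input.
my @samples = (
    q{[b]bold[/b] and <script>alert(1)</script>},
    q{[url=javascript:alert(1)]click[/url]},
    q{[url=https://example.com/?a=1&b=2]link[/url]},
    q{[i]unclosed <img src=x onerror=y>},
);
print bbcode_to_html($_), "\n" for @samples;
```

The order matters: escaping runs before tag translation, so quotes and angle brackets inside a [url=...] target are already entities by the time they are placed in the href attribute.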