PerlMonks  

Re: Using taint mode to prevent XSS holes

by diotalevi (Canon)
on Jan 07, 2003 at 16:33 UTC ( #225017=note )


in reply to Using taint mode to prevent XSS holes

On a lark I took a quick trip out to CPAN - here's my suggestion written down as probably-useable code (meaning I didn't test it). It installs a filter on the STDOUT filehandle before script execution so no tainted data is allowed to print. Obviously if you start handling user-input prior to this INIT block then that isn't covered but you shouldn't do that anyway.

This can be enhanced by using an exception

    package Filter::Handle::Tainted;
    # Put this code into the package just to have a reasonable
    # place to live.

    use Filter::Handle qw(subs);
    use Taint qw(tainted);
    use Exception::Class qw(Filter::Handle::Tainted::TaintException);

    INIT {
        Filter \*STDOUT, sub {
            for (@_) {
                next unless tainted( $_ );

                # Tainted data was about to be printed to
                # the handle. Throw an exception instead.
                Filter::Handle::Tainted::TaintException->throw(
                    error => "Tainted data may not be written to this io handle."
                );
            }

            # Nothing was tainted: hand the data back so the filter
            # passes it through to the handle unchanged.
            return @_;
        };
    }

Fun Fun Fun in the Fluffy Chair
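
The same fail-closed idea using only core Perl, as an added example that is not part of diotalevi's post: a tied STDOUT checks every argument with Scalar::Util's tainted() and dies instead of printing. TaintGuard, html_escape and the sample input are hypothetical names and constructed data.

```perl
#!/usr/bin/perl -T
# Added example, not diotalevi's code. Run as: perl -T taint_guard.pl
use strict;
use warnings;

package TaintGuard;    # hypothetical name
use Scalar::Util ();

sub TIEHANDLE {
    my ($class, $fh) = @_;
    return bless { fh => $fh }, $class;
}

# Refuse the whole print call if any argument is still tainted.
sub PRINT {
    my ($self, @args) = @_;
    for my $arg (@args) {
        die "Tainted data may not be written to this handle.\n"
            if Scalar::Util::tainted($arg);
    }
    return print { $self->{fh} } @args;
}

sub PRINTF {
    my ($self, $fmt, @args) = @_;
    return $self->PRINT(sprintf $fmt, @args);
}

package main;

# Hypothetical helper: escape for an HTML text context, then launder taint
# in this one audited place. Escaping alone leaves the string tainted.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    $s =~ /\A(.*)\z/s;    # a regex capture is how Perl untaints
    return $1;
}

# Keep a private dup of the real STDOUT, then put the guard in front of it.
open my $real, '>&', \*STDOUT or die "dup STDOUT: $!";
tie *STDOUT, 'TaintGuard', $real;
# Constructed sample input, tainted by appending an empty slice of $^X.
my $input = '<b>Bob</b>' . substr($^X, 0, 0);
print "Hello, ", html_escape($input), "\n";       # escaped and untainted
my $ok = eval { print "Hello, $input\n"; 1 };     # raw input: guard dies
print STDERR "blocked: $@" unless $ok;
```

Taint records where data came from, not how it is encoded, so the guard only helps if the escaping routine is the single place where output-bound data gets untainted.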

