PerlMonks  

Re: Using taint mode to prevent XSS holes

by diotalevi (Canon)
on Jan 07, 2003 at 16:33 UTC (#225017)


in reply to Using taint mode to prevent XSS holes

On a lark I took a quick trip out to CPAN - here's my suggestion written down as probably-useable code (meaning I didn't test it). It installs a filter on the STDOUT filehandle before script execution so no tainted data is allowed to print. Obviously if you start handling user-input prior to this INIT block then that isn't covered but you shouldn't do that anyway.

This can be enhanced by using an exception

package Filter::Handle::Tainted;
# Put this code into the package just to have a reasonable
# place to live.
use Filter::Handle qw(subs);
use Taint qw(tainted);
use Exception::Class qw(Filter::Handle::Tainted::TaintException);

INIT {
    Filter \*STDOUT, sub {
        for (@_) {
            next unless tainted( $_ );
            # Tainted data was about to be printed to
            # the handle. Throw an exception instead.
            Filter::Handle::Tainted::TaintException->throw(
                error => "Tainted data may not be written to this io handle."
            );
        }
        # Nothing was tainted: return the data so the filter prints it.
        return @_;
    };
}

Fun Fun Fun in the Fluffy Chair
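
The same guard as a stand-alone added example, not part of diotalevi's post: it uses a core tied handle and Scalar::Util's tainted() in place of Filter::Handle and Taint, and adds the escaping step that lets user input through. The TaintGuard package, escape_html and the sample input are assumptions made up for illustration.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T guard.pl. All names here are hypothetical.
use strict;
use warnings;

package TaintGuard;
use Scalar::Util qw(tainted);

sub TIEHANDLE {
    my ($class, $fh) = @_;
    return bless { fh => $fh }, $class;
}

sub PRINT {
    my $self = shift;
    for my $chunk (@_) {
        die "Tainted data may not be written to this io handle.\n"
            if tainted($chunk);
    }
    return print { $self->{fh} } @_;
}

sub PRINTF {
    my ($self, $fmt, @args) = @_;
    return $self->PRINT(sprintf $fmt, @args);
}

package main;
my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

# Escape HTML metacharacters, then untaint. Substitution alone leaves the
# string tainted; only a regex capture clears the flag.
sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    my ($clean) = $text =~ /\A(.*)\z/s;
    return $clean;
}

# Keep a private dup of the real STDOUT, then put the guard in front of it.
open my $real_stdout, '>&', \*STDOUT or die "Cannot dup STDOUT: $!";
tie *STDOUT, 'TaintGuard', $real_stdout;

# Constructed sample input; appending substr($^X, 0, 0) marks it tainted.
my $input = '<script>alert(1)</script>' . substr($^X, 0, 0);
print "<p>", escape_html($input), "</p>\n";                 # escaped: allowed
eval { print "<p>$input</p>\n"; 1 } or warn "blocked: $@";  # raw: rejected
```

Under -T the first print emits the escaped markup and the second dies inside PRINT, so the raw string never reaches the real handle. Without -T nothing is tainted and the guard blocks nothing.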

