
Re: Using taint mode to prevent XSS holes

by diotalevi (Canon)
on Jan 07, 2003 at 16:33 UTC ( #225017=note )

in reply to Using taint mode to prevent XSS holes

On a lark I took a quick trip out to CPAN - here's my suggestion written down as probably-useable code (meaning I didn't test it). It installs a filter on the STDOUT filehandle before script execution so no tainted data is allowed to print. Obviously if you start handling user-input prior to this INIT block then that isn't covered but you shouldn't do that anyway.

This can be enhanced by using an exception

    package Filter::Handle::Tainted;
    # Put this code into the package just to have a reasonable
    # place to live.

    use Filter::Handle qw(subs);
    use Taint qw(tainted);
    use Exception::Class qw(Filter::Handle::Tainted::TaintException);

    INIT {
        Filter \*STDOUT, sub {
            for (@_) {
                next unless tainted( $_ );

                # Tainted data was about to be printed to
                # the handle. Throw an exception instead.
                Filter::Handle::Tainted::TaintException->throw(
                    error => "Tainted data may not be written to this io handle."
                );
            }

            # Nothing was tainted: hand the data back so that
            # Filter::Handle prints it.
            return @_;
        };
    }

Fun Fun Fun in the Fluffy Chair
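
The same guard with its escape path, as an added example that is not part of the original post: it swaps Filter::Handle and Taint for a core `tie` plus `Scalar::Util::tainted`, and shows escaped data passing while raw input is refused. The names `TaintGuard` and `html_escape` are hypothetical, and the sample input is constructed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

package TaintGuard;                  # hypothetical name
use Scalar::Util qw(tainted);        # core module, stands in for Taint.pm

sub TIEHANDLE {
    my ($class, $fh) = @_;
    return bless { fh => $fh }, $class;
}

# Refuse the whole print if any argument is tainted.
sub PRINT {
    my $self = shift;
    for my $arg (@_) {
        die "Tainted data may not be written to this handle\n" if tainted($arg);
    }
    return print { $self->{fh} } @_;
}

sub PRINTF {
    my ($self, $fmt, @args) = @_;
    return $self->PRINT(sprintf $fmt, @args);
}

package main;

# Escape for HTML text/attribute context, then untaint with a regex
# capture. The blanket /(.*)/ is justified only because the escaping
# has already been applied to the whole string.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    my ($clean) = $s =~ /\A(.*)\z/s;
    return $clean;
}

open my $real, '>&', \*STDOUT or die "cannot dup STDOUT: $!";
tie *STDOUT, 'TaintGuard', $real;

# Constructed input: a zero-length slice of a tainted %ENV value
# (assumes PATH is set) taints the string without changing it.
my $input = '<b>"hi" & bye</b>' . substr($ENV{PATH}, 0, 0);
print "<p>", html_escape($input), "</p>\n";      # escaped, so allowed
my $ok = eval { print "<p>$input</p>\n"; 1 };    # raw, so refused
print STDERR "blocked: $@" unless $ok;
```

Run it as `perl -T script.pl`; perl refuses to start if `-T` appears only on the `#!` line. The guard can only tell tainted from untainted, so any other regex capture that launders input without escaping it will pass straight through.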
