
Re: Using taint mode to prevent XSS holes

by diotalevi (Canon)
on Jan 07, 2003 at 16:33 UTC ( [id://225017]=note )


in reply to Using taint mode to prevent XSS holes

On a lark I took a quick trip out to CPAN - here's my suggestion written down as probably-useable code (meaning I didn't test it). It installs a filter on the STDOUT filehandle before script execution so no tainted data is allowed to print. Obviously if you start handling user-input prior to this INIT block then that isn't covered but you shouldn't do that anyway.

This can be enhanced by using an exception

    package Filter::Handle::Tainted;

    # Put this code into the package just to have a reasonable
    # place to live.

    use Filter::Handle qw(subs);
    use Taint qw(tainted);
    use Exception::Class qw(Filter::Handle::Tainted::TaintException);

    INIT {
        Filter \*STDOUT, sub {
            for (@_) {
                next unless tainted($_);

                # Tainted data was about to be printed to
                # the handle. Throw an exception instead.
                Filter::Handle::Tainted::TaintException->throw(
                    error => "Tainted data may not be written to this io handle."
                );
            }

            # Nothing was tainted: hand the arguments back, since the
            # filter's return value is what gets printed.
            return @_;
        };
    }

Fun Fun Fun in the Fluffy Chair
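
The same guard using only core modules, as an added example that is not diotalevi's code: a tied STDOUT refuses any `print` or `printf` argument that carries the taint flag, and an escaping helper shows the one path by which user data is allowed out. The names `TaintGuard` and `escape_html` are hypothetical, and the sample input is constructed.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taintguard.pl   (file name is arbitrary)
use strict;
use warnings;

package TaintGuard;    # hypothetical name, not a CPAN module
use Scalar::Util qw(tainted);
use Carp qw(croak);

# Tie constructor: write through a private dup of the real handle.
sub TIEHANDLE {
    my ($class, $fh) = @_;
    open(my $real, '>&', $fh) or croak "cannot dup handle: $!";
    return bless { fh => $real }, $class;
}

# Refuse the whole call if any argument carries the taint flag.
sub _check {
    for my $arg (@_) {
        croak "Tainted data may not be written to this handle" if tainted($arg);
    }
}

sub PRINT  { my $self = shift; _check(@_); print { $self->{fh} } @_ }
sub PRINTF { my $self = shift; _check(@_); my $fmt = shift; printf { $self->{fh} } $fmt, @_ }
sub CLOSE  { close $_[0]{fh} }

# Escape HTML metacharacters, then clear the taint flag with a capture.
# Matching .* is acceptable only because the escaping has just been applied.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
sub escape_html {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$ENT{$1}/g;
    my ($clean) = $s =~ /\A(.*)\z/s;
    return $clean;
}

package main;

INIT { tie *STDOUT, 'TaintGuard', \*STDOUT }

# Constructed sample input: a zero-length slice of "$0$^X" taints it under -T.
my $input = '<b>constructed input</b>' . substr("$0$^X", 0, 0);

print "Hello, ", TaintGuard::escape_html($input), "\n";    # escaped and untainted: printed
eval { print "Hello, $input\n"; 1 }                         # raw tainted value: refused
    or print STDERR "blocked: $@";
```

Because no `WRITE` method is defined, a `syswrite` to the tied handle fails instead of bypassing the check.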
