in reply to •Re: Untainting safely. (b0iler proofing?)
in thread Untainting safely. (b0iler proofing?)
I think what BrowserUK might be asking for is a library that can be used to handle the "usual" types of data. I'm interested in such a thing, as time and time again, people are untainting the same kinds of data.
Admittedly, such a module would never be strictly perfect, but it would be arguably better than the current condition. Positive progress is better than nothing, isn't it?
What about validators or untainters for such common bits of data as:
The idea is not that things are not necessarily valid names, phone numbers or e-mail addresses, but that they are at least, not dangerous or radioactive. In other words, a name of "Smith'; DROP TABLE foo;" would not be valid.
Just an idea.
Admittedly, such a module would never be strictly perfect, but it would be arguably better than the current condition. Positive progress is better than nothing, isn't it?
What about validators or untainters for such common bits of data as:
- Dates
- Times
- Names
- Integers
- Phone Numbers
- Postal Codes
- URLs
- E-mail addresses
- Free-form comments
The idea is not that things are not necessarily valid names, phone numbers or e-mail addresses, but that they are at least, not dangerous or radioactive. In other words, a name of "Smith'; DROP TABLE foo;" would not be valid.
Just an idea.
In Section
Seekers of Perl Wisdom