Re^2: Input Validation for Template Toolkit


Think about Loose Coupling
	PerlMonks

Re^2: Input Validation for Template Toolkit

by dipit (Sexton)

on Jun 20, 2018 at 09:40 UTC ( [id://1216993]=note: print w/replies, xml )

Need Help??

in reply to Re: Input Validation for Template Toolkit
in thread Input Validation and pattern matching in Template Toolkit

Hello Corion! Thanks for your response. "attack" can contain values such as xxx@domain.com. In this case, every input is escaped or encoded but i need to encode only attacking ones like login=<script>...</script> etc. Thats why, i wanted to match the input with keywords and display the template accordingly.

Comment on Re^2: Input Validation for Template Toolkit

Replies are listed 'Best First'.
Re^3: Input Validation for Template Toolkit by Corion (Patriarch) on Jun 20, 2018 at 10:32 UTC
Sure, but then somebody could submit `login=<img src="http://evil.example.com/attack.js">`, and you would have to catch that too. And certainly, there are other attacks. I would recommend to escape all data that is user-supplied.	[reply] [d/l]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://1216993]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others studying the Monastery: (5)

As of 2024-04-25 10:24 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found