Using taint mode to prevent XSS holes
by IlyaM (Parson) on Jan 06, 2003 at 23:10 UTC
Perl has a nice feature called taint mode which helps developers write more secure code by forcing them to carefully verify all input. However, it doesn't help prevent certain types of security vulnerabilities like XSS, because those vulnerabilities happen when the developer doesn't verify and escape output. At first glance it seems that taint mode is useless for forcing checks on output. But I kept thinking about whether it is really useless in this case, and I had this idea: how about implementing an additional layer between a web application and its clients which would ensure that tainted data cannot pass into the web application's output? As a result of this meditation I've come up with this merely proof-of-concept implementation, which works with Template Toolkit based applications.
This is an almost drop-in replacement for the Template module which will complain if it notices any tainted data in the output. Another missing piece is a convenient plugin for Template which would implement HTML/URL escaping in output and untaint the escaped strings at the same time. Template Toolkit provides two plugins useful for escaping strings in HTML: Template::Plugin::URL and Template::Plugin::HTML. They only have to be slightly changed to untaint the escaped strings.
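To make the two pieces concrete, here is an added example (not the code from the original post): a hypothetical `Template::TaintCheck` subclass that renders into a buffer and dies if the buffer is still tainted, plus an `html_untaint` filter that escapes HTML metacharacters and untaints the result with a regex capture. The tainted input is constructed from `%ENV` so the script runs stand-alone under `perl -T`.

```perl
use strict;
use warnings;
use Template;

package Template::TaintCheck;            # hypothetical name for this example
use parent -norequire, 'Template';
use Scalar::Util qw(tainted);

# Render into a scalar first; only hand the result to the caller's output
# target if nothing tainted survived the template.
sub process {
    my ($self, $tmpl, $vars, $out, @rest) = @_;
    my $buf = '';
    $self->SUPER::process($tmpl, $vars, \$buf, @rest) or return;
    die "tainted data reached template output\n" if tainted($buf);
    if    (!defined $out)          { print $buf }
    elsif (ref $out eq 'SCALAR')   { $$out = $buf }
    elsif (ref $out eq 'CODE')     { $out->($buf) }
    else                           { print {$out} $buf }
    return 1;
}

package main;

# Escape the characters that matter in HTML text, then untaint by capturing
# the whole escaped string: every remaining byte is now known to be safe.
sub html_untaint {
    my $s = shift;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
             '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$e{$1}/g;
    my ($clean) = $s =~ /\A(.*)\z/s;
    return $clean;
}

# Constructed input: an attacker-style value made tainted by concatenating an
# empty tainted string taken from %ENV (all %ENV values are tainted under -T).
my $taint = substr(join('', values %ENV), 0, 0);
my $name  = "<script>alert(1)</script>" . $taint;

my $tt = Template::TaintCheck->new({ FILTERS => { html_untaint => \&html_untaint } });

# Escaped and untainted through the filter: renders normally.
$tt->process(\"<p>Hello, [% name | html_untaint %]</p>\n", { name => $name })
    or die $tt->error;

# Raw tainted value: the subclass dies before anything reaches the output.
eval { $tt->process(\"<p>Hello, [% name %]</p>\n", { name => $name }) };
print "blocked: $@" if $@;
```

Run it as `perl -T example.pl`; without `-T` nothing is tainted and both renders succeed, which is exactly the gap the wrapper is meant to close.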
Now an example application: nearly hello world :).
P.S. Note that this is merely a proof of concept, just to show the idea. There are probably some missing pieces (for example, a real implementation should untaint templates which are read by Template Toolkit from the filesystem). And I'm sure the same idea can be ported to other templating modules.