Re: XSS protection in CGI::Application
by Anonymous Monk on Mar 03, 2010 at 00:27 UTC ( [id://826305]=note )
-not a problem except if the runmode parameter was specified to have malicious javascript or something else like that. If CGI::Application or your subclass isn't properly escaping variable parts of error messages (runmode), that is a bug that needs to be fixed ( $self->query->escapeHTML($rm) ). What am I missing here? You seem to be using the query object to set headers, which isn't the documented way to do it (probably because of bad advice from CGI::Application::Plugin::Apache).
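An added example, not part of the original post or of CGI::Application itself: a minimal subclass that escapes the requested run mode before echoing it in an error page, and sets the status through `header_add` rather than through the query object. The names `MyApp`, `show_home` and `unknown_mode` and the request value are assumptions made up for illustration.

```perl
package MyApp;    # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';

sub setup {
    my $self = shift;
    $self->start_mode('home');
    $self->run_modes(
        home     => 'show_home',
        # The AUTOLOAD run mode is called when the requested run mode
        # is not defined; it receives the requested name as an argument.
        AUTOLOAD => 'unknown_mode',
    );
}

sub show_home { return '<p>home</p>' }

sub unknown_mode {
    my ($self, $rm) = @_;    # $rm comes straight from the request

    # Set headers through CGI::Application, not the query object.
    $self->header_add(-status => '404 Not Found');

    # Interpolating $rm directly would reflect request markup into the
    # page. Escape it for the HTML context first.
    my $safe = $self->query->escapeHTML($rm);
    return "<p>No such run mode: $safe</p>";
}

package main;
use CGI;

# Constructed request: the rm parameter carries markup instead of a name.
my $q = CGI->new({ rm => '<script>alert(1)</script>' });

# Return the response as a string instead of printing it.
$ENV{CGI_APP_RETURN_ONLY} = 1;
my $out = MyApp->new(QUERY => $q)->run;

print $out;
die "run mode was echoed unescaped\n" if $out =~ /<script>/;
```

The body of the response should contain `&lt;script&gt;` rather than a literal `<script>` tag.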