Re: XSS protection in CGI::Application


Pathologically Eclectic Rubbish Lister
	PerlMonks

Re: XSS protection in CGI::Application

by Anonymous Monk

on Mar 03, 2010 at 00:27 UTC ( [id://826305]=note: print w/replies, xml )

Need Help??

in reply to XSS protection in CGI::Application

-not a problem except if the runmode parameter was specified to have malicious javascript or something else like that.

If CGI::Application or your subclass aren't properly escaping variable parts of error messages (runmode), that is a bug that needs to be fixed ( $self->query->escapeHTML($rm) ).

What am I missing here?

You seem to be using the query object to set headers which isn't the documented way to do it (Probably because of bad advice from CGI::Application::Plugin::Apache).

Comment on Re: XSS protection in CGI::Application Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://826305]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others lurking in the Monastery: (3)

As of 2024-04-24 19:00 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found