in reply to Re: Back to acceptable untainted characters
in thread Back to acceptable untainted characters
3. In all cases, RegExp/escape any HTML from users so the code would never render in a browser...unless you want some HTML to render, as you might in e.g. a user "biography" field. In that case, you'll probably want to do some trickery with an HTML parser module to allow a few tags and attributes and strip out the rest.
Once again, though, note the use of "allow". Decide what's permissible and take out everything else. Better safe than sorry.
=cut
--Brent Dax
There is no sig.
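The two cases above (escape everything, or keep a small allow-list of tags and attributes and drop the rest) worked through in Perl, as an added example that is not part of the post. It assumes the CPAN modules HTML::Parser and HTML::Entities are installed; the allow-list and the sample "biography" string are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Parser;
use HTML::Entities qw(encode_entities);

# Constructed sample input: what a user might put in a "biography" field.
my $bio = '<b>Hi</b> <a href="javascript:alert(1)" onclick="x()">me</a>'
        . ' <script>evil()</script> 1 < 2';

# Case 1: no markup wanted at all. Escape it so nothing ever renders.
sub escape_all { return encode_entities($_[0], '<>&"\''); }

# Case 2: decide what is permissible (tag => { attribute => 1 }) and
# take out everything else. Anything not listed here is dropped.
my %ALLOWED = (
    b => {}, i => {}, p => {},
    a => { href => 1 },
);

sub sanitize {
    my ($html) = @_;
    my $out = '';
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h => [ sub {
            my ($tag, $attr) = @_;           # tagname and attrs are lowercased
            return unless exists $ALLOWED{$tag};
            my $attrs = '';
            for my $name (sort keys %$attr) {
                next unless $ALLOWED{$tag}{$name};
                my $val = $attr->{$name};
                # href: only plain http(s) or site-relative URLs survive
                next if $name eq 'href' && $val !~ m{\A(?:https?://|/)}i;
                $attrs .= qq{ $name="} . encode_entities($val, '<>&"') . '"';
            }
            $out .= "<$tag$attrs>";
        }, 'tagname, attr' ],
        end_h  => [ sub { $out .= "</$_[0]>" if exists $ALLOWED{$_[0]} }, 'tagname' ],
        # dtext is entity-decoded text; re-escape it so text stays text
        text_h => [ sub { $out .= encode_entities($_[0], '<>&"') }, 'dtext' ],
        # comments, declarations and processing instructions get no handler
        # and are therefore discarded
    );
    $p->parse($html);
    $p->eof;
    return $out;
}

print escape_all($bio), "\n";
print sanitize($bio), "\n";
```

Note that the contents of a disallowed tag (here `evil()`) are kept as escaped plain text, only the tag itself is removed, and the example does not re-balance tags that the user left unclosed.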