Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re: Using taint mode to prevent XSS holes

by diotalevi (Canon)
on Jan 07, 2003 at 16:33 UTC ( #225017=note: print w/replies, xml ) Need Help??

in reply to Using taint mode to prevent XSS holes

On a lark I took a quick trip out to CPAN - here's my suggestion written down as probably-useable code (meaning I didn't test it). It installs a filter on the STDOUT filehandle before script execution so no tainted data is allowed to print. Obviously if you start handling user-input prior to this INIT block then that isn't covered but you shouldn't do that anyway.

This can be enhanced by using an exception

package Filter::Handle::Tainted; # Put this code into the package just to have a reasonable # place to live. use Filter::Handle qw(subs); use Taint qw(tainted); use Exception::Class qw(Filter::Handle::Tainted::TaintException); INIT { Filter \ *STDOUT, sub { for (@_) { next unless tainted( $_ ); # Tainted data was about to be printed to # the handle. Throw an exception instead. Filter::Handle::Tainted::TaintException -> throw( error => "Tainted data may not be written to this +io handle." ); } }; }

Fun Fun Fun in the Fluffy Chair

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://225017]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (2)
As of 2022-10-03 20:53 GMT
Find Nodes?
    Voting Booth?
    My preferred way to holiday/vacation is:

    Results (15 votes). Check out past polls.