Re: Re: Back to acceptable untainted characters


go ahead... be a heretic
	PerlMonks

Re: Re: Back to acceptable untainted characters

by BrentDax (Hermit)

on Sep 08, 2003 at 06:21 UTC ( [id://289691]=note: print w/replies, xml )

Need Help??

in reply to Re: Back to acceptable untainted characters
in thread Back to acceptable untainted characters

3. In all cases, RegExp/escape any HTML from users so the code would never render in a browser

...unless you want some HTML to render, as you might in e.g. a user "biography" field. In that case, you'll probably want to do some trickery with an HTML parser module to allow a few tags and attributes and strip out the rest.

Once again, though, note the use of "allow". Decide what's permissible and take out everything else. Better safe than sorry.

=cut
--Brent Dax
There is no sig.

Comment on Re: Re: Back to acceptable untainted characters

Replies are listed 'Best First'.
Re: Re: Re: Back to acceptable untainted characters by bradcathey (Prior) on Sep 08, 2003 at 12:29 UTC
Thanks BrentDax. That was a helpful word.	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://289691]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others contemplating the Monastery: (4)

As of 2024-04-24 19:16 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found