PerlMonks
Re: Re: Back to acceptable untainted characters
by BrentDax (Hermit) on Sep 08, 2003 at 06:21 UTC (id://289691)
3. In all cases, RegExp/escape any HTML from users so the code would never render in a browser... unless you want some HTML to render, as you might in e.g. a user "biography" field. In that case, you'll probably want to do some trickery with an HTML parser module to allow a few tags and attributes and strip out the rest. Once again, though, note the use of "allow". Decide what's permissible and take out everything else. Better safe than sorry.
In Section: Seekers of Perl Wisdom
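The allow-list approach BrentDax describes, as an added example that is not his code and not from the thread above: it uses HTML::Parser and HTML::Entities from CPAN, re-escapes every piece of text so nothing the user typed can be parsed as markup, and keeps only the tags and attributes named in the `%ALLOWED` table (that table, the `safe_url` scheme check and the sample biography string are this example's own choices, not anything the post specifies). Unknown tags, unknown attributes, comments, and the contents of script/style elements are thrown away rather than escaped.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Parser;
use HTML::Entities qw(encode_entities);

# Allow-list: tag => [permitted attributes]. Anything not listed here is dropped.
# (Hypothetical policy for a "biography" field; tune it to your site.)
my %ALLOWED = (
    p      => [],
    b      => [],
    i      => [],
    em     => [],
    strong => [],
    br     => [],
    a      => ['href'],
);

# Only these URL schemes survive in href; "javascript:", "data:" etc. are rejected.
sub safe_url {
    my ($url) = @_;
    return $url =~ m{\A(?:https?://|mailto:)}i ? $url : undef;
}

sub sanitize_html {
    my ($dirty) = @_;
    my $clean = '';
    my @open;   # allowed tags we have emitted and not yet closed

    my $p = HTML::Parser->new(
        api_version => 3,
        start_h => [ sub {
            my ($tag, $attr) = @_;             # names already lowercased by the parser
            return unless exists $ALLOWED{$tag};
            my %ok  = map { $_ => 1 } @{ $ALLOWED{$tag} };
            my $out = "<$tag";
            for my $name (sort keys %$attr) {
                next unless $ok{$name};        # unknown attribute (onclick, style, ...) dropped
                my $val = $attr->{$name};      # entity-decoded by the parser
                if ($name eq 'href') {
                    $val = safe_url($val);
                    next unless defined $val;  # unsafe scheme: drop just the attribute
                }
                $out .= qq{ $name="} . encode_entities($val, '<>&"') . '"';
            }
            if ($tag eq 'br') { $clean .= "$out />"; return; }
            $clean .= "$out>";
            push @open, $tag;
        }, 'tagname, attr' ],
        end_h => [ sub {
            my ($tag) = @_;
            return unless exists $ALLOWED{$tag} && $tag ne 'br';
            return unless grep { $_ eq $tag } @open;   # never emit a close we did not open
            while (@open) {                             # close inner tags left open first
                my $t = pop @open;
                $clean .= "</$t>";
                last if $t eq $tag;
            }
        }, 'tagname' ],
        text_h => [ sub {
            my ($dtext) = @_;
            # 'dtext' is decoded text; re-escape it so it can never become markup.
            $clean .= encode_entities($dtext, '<>&"');
        }, 'dtext' ],
        # comments, declarations and processing instructions have no handler: discarded
    );
    $p->ignore_elements(qw(script style));   # drop their content, don't even escape it
    $p->parse($dirty);
    $p->eof;
    $clean .= "</$_>" for reverse @open;     # close whatever the input left open
    return $clean;
}

# Constructed sample input: an attacker's "biography".
my $bio = q{<b onclick="evil()">Hi</b> <script>alert(1)</script>}
        . q{<a href="javascript:alert(1)">bad</a> }
        . q{<a href="https://example.com/">ok</a><img src=x onerror=evil()>}
        . q{ 1 &lt; 2 <i>unclosed};
print sanitize_html($bio), "\n";
```

Run it and the `onclick`, `<script>`, `<img>` and `javascript:` href are gone, the `&lt;` round-trips as text rather than becoming a `<`, and the dangling `<i>` is closed. Note the policy choice at the `href` check: an anchor with a rejected scheme keeps its text but loses the attribute; if you would rather drop the whole element, return from `start_h` before emitting anything.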