PerlMonks  

Re: Re: Back to acceptable untainted characters

by BrentDax (Hermit)
on Sep 08, 2003 at 06:21 UTC (#289691)


in reply to Re: Back to acceptable untainted characters
in thread Back to acceptable untainted characters

3. In all cases, RegExp/escape any HTML from users so the code would never render in a browser
...unless you want some HTML to render, as you might in e.g. a user "biography" field. In that case, you'll probably want to do some trickery with an HTML parser module to allow a few tags and attributes and strip out the rest.

Once again, though, note the use of "allow". Decide what's permissible and take out everything else. Better safe than sorry.

=cut
--Brent Dax
There is no sig.
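An allow-list filter of the kind Brent describes for a "biography" field, written here as an added example (it is not code from the thread): it uses CPAN's HTML::Parser and HTML::Entities, emits only the tags and attributes listed in %ALLOW, and re-escapes all text. The tag set and the http/https-only link rule are assumptions chosen for the demonstration.

```perl
use strict;
use warnings;
use HTML::Parser ();
use HTML::Entities qw(encode_entities);
# Tags we permit, each mapped to the attributes we permit on it. Anything
# not listed here (script, img, style, onclick, ...) never reaches the output.
# (Assumed policy for this example; adjust to taste.)
my %ALLOW = (
    b => {}, i => {}, em => {}, strong => {}, p => {}, br => {},
    a => { href => 1 },
);
# Only http/https links survive; javascript:, data: and friends are dropped.
sub safe_href {
    my ($href) = @_;
    return $href =~ m{\A\s*https?://}i ? $href : undef;
}
sub sanitize_html {
    my ($input) = @_;
    my $out = '';
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h => [ sub {
            my ($tag, $attr) = @_;              # HTML::Parser lowercases both
            my $rules = $ALLOW{$tag} or return; # unknown tag: dropped
            my $html = "<$tag";
            for my $name (sort keys %$attr) {
                next unless $rules->{$name};    # unknown attribute: dropped
                my $val = $name eq 'href' ? safe_href($attr->{$name}) : $attr->{$name};
                next unless defined $val;
                $html .= qq{ $name="} . encode_entities($val, '<>&"') . '"';
            }
            $out .= "$html>";
        }, 'tagname, attr' ],
        end_h => [ sub {
            my ($tag) = @_;
            $out .= "</$tag>" if $ALLOW{$tag} && $tag ne 'br';
        }, 'tagname' ],
        text_h => [ sub {
            # dtext has entities decoded; re-encoding means a literal "<"
            # in user text can never be smuggled through as markup.
            $out .= encode_entities($_[0], '<>&"');
        }, 'dtext' ],
    );
    $p->parse($input);
    $p->eof;
    return $out;
}
# Constructed sample input for the demonstration.
my $bio = '<p onclick="alert(1)">Hi <b>Brent</b></p><a href="javascript:alert(1)">x</a>'
        . ' <a href="https://perlmonks.org/">PerlMonks</a> &lt;3';
print sanitize_html($bio), "\n";
```

This keeps the parsing to a single pass and does not balance unclosed tags; CPAN modules such as HTML::Scrubber build the same allow-list idea out more fully.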


Replies are listed 'Best First'.
Re: Re: Re: Back to acceptable untainted characters
by bradcathey (Prior) on Sep 08, 2003 at 12:29 UTC
    Thanks BrentDax. That was a helpful word.
