Module to filter user-input HTML text for security?
by 914 (Pilgrim) on Jul 17, 2004 at 09:59 UTC
914 has asked for the wisdom of the Perl Monks concerning the following question:
I've trolled around Search, Super Search, http://perlmonks.thepen.com and CPAN's HTML section looking for a nice way to take web-input data and filter it for broken and/or potentially harmful things. HTML::QuickCheck looks close, but only parses for correct HTML, and was last updated in 1995.
I'm concerned about SSI, bad/unclosed HTML tags, cross-site scripting (XSS) attacks and so forth... the HTML-QuickCheck module addresses some of this, and I could use a regex to filter HTML comments and PHP include tags and so forth, but I suspect someone has already built this wheel.
UPDATE: I found my own answer while checking the CPAN link above... HTML::CGIChecker. I'm going to post this anyhow, so others can see it, and for the next schlub who searches here for help on securing blosxom, may (s)he find it early!
update2: using cpan.uwinnipeg.ca is not the best idea, as it seems rather out of date.