Apache2-TaintRequest


README

        my $querystring = $r->query_string();
        $r->print($querystring);    # html is escaped...

        $querystring =~ s/<script>//;
        $r->print($querystring);    # html is NOT escaped...
    }

DESCRIPTION
    Note:          This code is derived from the *Apache::TaintRequest*
                   module, available as part of "The mod_perl Developer's
                   Cookbook".

    One of the harder problems facing web developers involves dealing with
    potential cross site scripting attacks. Frequently this involves many
    calls to HTML::Entities::escape_html().

    This module aims to automate this tedious process. It overrides the
    print mechanism in the mod_perl Apache module. The new print method
    tests each chunk of text for taintedness. If it is tainted we assume the
    worst and html-escape it before printing.
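The behaviour described above, as an added stand-alone example (not the module's own code): it needs no mod_perl and must be run with `perl -T`. The helper names `render` and `escape_html` are hypothetical, and the sample query string is constructed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

# Stand-in escaper so the example needs no mod_perl or CPAN modules.
sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Hypothetical helper mirroring the described print override:
# tainted chunks are escaped, untainted chunks pass through unchanged.
sub render {
    return join '', map { tainted($_) ? escape_html($_) : $_ } @_;
}

# Constructed sample input. Appending a zero-length slice of $^X (tainted
# under -T) marks the string as tainted, as real request data would be.
my $taint = substr($^X, 0, 0);
my $query = 'name=<b>x</b>&id=42' . $taint;

# 1. Markup written by the program is untainted and passes through;
#    the tainted query string is escaped.
print render("<p>query: "), render($query), render("</p>\n");

# 2. A value extracted through a strict capture group is untainted
#    by Perl's rules, so it is printed without escaping.
my ($id) = $query =~ /(?:\A|&)id=(\d{1,9})(?:&|\z)/;
print render("<p>id: ", $id, "</p>\n") if defined $id;

# 3. Concatenation propagates taint to the whole string, so the
#    program's own markup in this chunk is escaped as well.
print render("<p>" . $query . "</p>"), "\n";
```

Case 3 is the practical caveat of per-chunk checking: trusted markup and request data have to be passed as separate chunks, or the trusted markup is escaped too.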

lib/Apache2/TaintRequest.pm

__END__


=head1 DESCRIPTION

=over 15

=item Note:

This code is derived from the I<Apache::TaintRequest> module,
available as part of "The mod_perl Developer's Cookbook".

=back

One of the harder problems facing web developers involves dealing with
potential cross site scripting attacks.  Frequently this involves many
calls to HTML::Entities::escape_html().

This module aims to automate this tedious process.  It overrides the
print mechanism in the mod_perl Apache module.  The new print method
tests each chunk of text for taintedness.  If it is tainted we assume


