AUBBC
view release on metacpan or search on metacpan
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=head1 Security
Security advice to ensure the proper usage of this module.
=head2 Database Manipulation
The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.
For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.
=head2 Mixing HTML and BBcode
Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=head1 Security
Security advice to ensure the proper usage of this module.
=head2 Database Manipulation
The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.
For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.
=head2 Mixing HTML and BBcode
Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,
examples/Database_Manipulation.cgi view on Meta::CPAN
=head1 ABSTRACT
Advanced Universal Bulletin Board Code a Perl BBcode API
=head1 DESCRIPTION
This is a none working file(syntax checks ok)! It discribes one way to use this module
in projects like forums, blogs, wiki's, bulletin boards or other development.
Keep in mind Im trying to explain the settings, when to use methods to ensure
security of the module and a simple method to save user input to be
edited later.
Other settings may effect the message output also.
=cut
# Start the module
use AUBBC;
my $aubbc = new AUBBC;
# script_escape will need to be disabled in the settings method and
examples/Database_Manipulation.cgi view on Meta::CPAN
# Befor the data can be saved you will have to use the script_escape method on $message
$message = $aubbc->script_escape($message);
# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data
# Since this gets into sandboxing the html_to_text method you may want
# to play with settings for other view's or can skip the form feilds sandboxing
# the option 1 for html_to_text is needed to not convert &, spaces, tab's
$form_data = $aubbc->html_to_text( $form_data );
# Now $form_data can be printed in the form feild
# When the HTML form is submitted we fictitiously sent the edited data to editing_data2
# of this file to be saved
}
sub editing_data2 {
# Part 2 of editing data, you will need to use a module like CGI or what ever is out there
# to recive the HTML form data
# Before the HTML form data can be saved you will have to use the script_escape
# method on the variable that holds the HTML form data lets say its $message2
$message2 = $aubbc->script_escape($message2);
# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
=head1 ABSTRACT
Advanced Universal Bulletin Board Code a Perl BBcode API
=head1 DESCRIPTION
This is a none working file(syntax checks ok)! It discribes one way to use this module
in projects like forums, blogs, wiki's, bulletin boards or other development.
Keep in mind Im trying to explain the settings, when to use methods to ensure
security of the module and a simple method to save user input to be
edited later.
Other settings may effect the message output also.
=cut
# Start the module
use AUBBC;
my $aubbc = new AUBBC;
# script_escape will need to be disabled in the settings method and
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
$message =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->script_escape( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data
# Since this gets into sandboxing the script_escape method you may want
# to play with settings for other view's or can skip the form feilds sandboxing
# the option 1 for script_escape is needed to not convert spaces, tab's, new lines
$form_data =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->html_to_text( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
$form_data = $aubbc->script_escape( $form_data, 1 );
# Now $form_data can be printed in the form feild
# When the HTML form is submitted we fictitiously sent the edited data to editing_data2
# of this file to be saved
}
sub editing_data2 {
# Part 2 of editing data, you will need to use a module like CGI or what ever is out there
# to recive the HTML form data
# Before the HTML form data can be saved you will have to use the script_escape
# method with the regex on the variable that holds the HTML form data lets say its $message2
$message2 =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->script_escape( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
( run in 0.760 second using v1.01-cache-2.11-cpan-de7293f3b23 )