Apache2-TaintRequest
{
   "abstract" : "HTML Escape tainted data to prevent CSS Attacks",
   "author" : [
      "Fred Moyer <fred@redhotpenguin.com>"
   ],
   "dynamic_config" : 1,
   "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.112150",
   "license" : [
      "unknown"
   ],
   "meta-spec" : {
      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
---
abstract: 'HTML Escape tainted data to prevent CSS Attacks'
author:
  - 'Fred Moyer <fred@redhotpenguin.com>'
build_requires:
  ExtUtils::MakeMaker: 0
configure_requires:
  ExtUtils::MakeMaker: 0
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.112150'
license: unknown
meta-spec:
NAME
Apache2::TaintRequest - HTML Escape tainted data to prevent CSS Attacks
SYNOPSIS
    use Apache2::TaintRequest ();

    sub handler {
        my $r = shift;
        $r = Apache2::TaintRequest->new($r);

        my $querystring = $r->query_string();
        $r->print($querystring);   # html is escaped...

        $querystring =~ s/<script>//;
Note: This code is derived from the *Apache::TaintRequest*
module, available as part of "The mod_perl Developer's
Cookbook".
One of the harder problems facing web developers involves dealing with
potential cross site scripting attacks. Frequently this involves many
calls to HTML::Entities::escape_html().
This module aims to automate this tedious process. It overrides the
print mechanism in the mod_perl Apache module. The new print method
tests each chunk of text for taintedness. If it is tainted we assume the
worst and html-escape it before printing.
Note that this module requires that you have the line
    PerlSwitches -T
in your httpd.conf. This may have other unintended side effects, so be
warned.
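The escaping decision described above rests entirely on Perl's taint flag, so whatever clears that flag also switches the escaping off. The script below is an added example, not code from the module or its author; it uses the core Scalar::Util::tainted in place of the Taint module, and the render helper and the sample query strings are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from Apache2::TaintRequest. Run with: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);            # core stand-in for the Taint module
use HTML::Entities qw(encode_entities);

# Zero-length tainted string; $^X is tainted whenever -T is on.
my $TAINT = substr( $^X, 0, 0 );

# Hypothetical helper making the same decision as the module's print():
# escape a value only while Perl still marks it tainted.
sub render {
    my ($value) = @_;
    return tainted($value) ? encode_entities($value) : $value;
}

# Constructed samples standing in for $r->query_string().
my @queries = ( 'name=<b>guest</b>' . $TAINT, 'name=guest' . $TAINT );

for my $query (@queries) {
    # Raw request data and anything built from it stay tainted: escaped.
    my $derived = "Hello, $query";

    # Any capture group clears the taint flag, whatever the pattern allows,
    # so this value would be printed without escaping.
    my ($loose) = $query =~ /^name=(.*)$/;

    # An allow-list pattern also clears the flag, but only for input that
    # cannot contain markup; everything else is rejected (undef).
    my ($strict) = $query =~ /^name=([A-Za-z0-9_ ]{1,32})$/;

    printf "%-8s tainted=%d -> %s\n", @$_ for (
        [ 'raw',     tainted($query)   ? 1 : 0, render($query) ],
        [ 'derived', tainted($derived) ? 1 : 0, render($derived) ],
        [ 'loose',   tainted($loose)   ? 1 : 0, render($loose) ],
        [ 'strict',  tainted($strict)  ? 1 : 0, $strict // '(rejected)' ],
    );
    print "\n";
}
```

With `use re 'taint'` in scope, captures keep their taint, so the loose case would be escaped as well.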
SEE ALSO
lib/Apache2/TaintRequest.pm view on Meta::CPAN
package Apache2::TaintRequest;
use strict;
use warnings;
=head1 NAME
Apache2::TaintRequest - HTML Escape tainted data to prevent CSS Attacks
=head1 SYNOPSIS
    use Apache2::TaintRequest ();

    sub handler {
        my $r = shift;
        $r = Apache2::TaintRequest->new($r);

        my $querystring = $r->query_string();
        $r->print($querystring);   # html is escaped...

        $querystring =~ s/<script>//;
        $r->print($querystring);   # html is NOT escaped...
    }
=cut
use Apache2::RequestRec;
use HTML::Entities ();
use Taint qw(tainted);
our $VERSION = '0.01';
use base 'Apache2::RequestRec';
sub new {
    my ( $class, $r ) = @_;
    my %self;
    bless \%self, $class;
lib/Apache2/TaintRequest.pm view on Meta::CPAN
*escape_html = \&HTML::Entities::encode_entities;
sub print {
    my ( $self, @data ) = @_;
    foreach my $value (@data) {
        # Dereference scalar references.
        $value = $$value if ref $value eq 'SCALAR';
        # Escape any HTML content if the data is tainted.
        $value = escape_html($value) if tainted($value);
    }
    $self->{request}->SUPER::print(@data);
}
1;
__END__
lib/Apache2/TaintRequest.pm view on Meta::CPAN
available as part of "The mod_perl Developer's Cookbook".
=back
One of the harder problems facing web developers involves dealing with
potential cross site scripting attacks. Frequently this involves many
calls to HTML::Entities::escape_html().
This module aims to automate this tedious process. It overrides the
print mechanism in the mod_perl Apache module. The new print method
tests each chunk of text for taintedness. If it is tainted we assume
the worst and html-escape it before printing.
Note that this module requires that you have the line
    PerlSwitches -T
in your httpd.conf. This may have other unintended side effects, so
be warned.
=head1 SEE ALSO