[Catalyst] HTML encoding parameters
m at rkellis.com
Sun Jun 29 14:12:35 GMT 2014
I've had really good results with HTML::StripScripts::Parser. You can set
allowed attributes on certain tags only; it's really flexible.
On 29 Jun 2014 05:14, "bill hauck" <wbhauck at yahoo.com> wrote:
> Please forgive me if this is an easy one. It's late and I haven't found
> any mention of it.
> I'd like to encode form fields so that only the standard bold, italic,
> underline, list, etc. are allowed and script, style, etc. tags are
> encoded. Also, I'd like to only let the base tags through and no
> attributes so setting an onmouseover in a paragraph is encoded. Basically
> I'm trying to avoid XSS and other nastiness.
> Is there a module that does this to all parameters at once? Do I simply
> need to do it to each parameter I accept? For now I've been adding the html
> filter in my Template Toolkit templates, but that's a pain and relies on
> each output field filtering. I'd like to encode before storing the data in
> the database so it's safe no matter how it's presented.
> Any help is appreciated.
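As an added illustration of the approach the reply recommends (this is not code from the thread or from the HTML::StripScripts distribution), here is a whitelist filter built on HTML::StripScripts::Parser and applied to every submitted parameter at once, the way the question asks. It keeps the basic formatting tags, disallows every attribute so an onmouseover on a paragraph is dropped, and escapes filtered tags rather than silently removing them. The option names (Context, BanAllBut, EscapeFiltered, Rules) and the filter_html method are from my recollection of the module's documentation; the sanitize_params helper and the sample input are constructed for this example, so check the option names against the perldoc of your installed version.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::StripScripts::Parser;

# Whitelist of basic formatting tags; everything else is filtered.
my @allowed_tags = qw(p br b i u strong em ul ol li);

my $hss = HTML::StripScripts::Parser->new(
    {
        Context        => 'Flow',      # a fragment of block content, not a whole document
        BanAllBut      => \@allowed_tags,
        EscapeFiltered => 1,           # filtered tags are HTML-escaped instead of dropped
        AllowSrc       => 0,
        AllowHref      => 0,
        # Outer '*' is the default rule for every tag, inner '*' the default for
        # every attribute: disallow all attributes, even on whitelisted tags.
        Rules          => { '*' => { '*' => 0 } },
    },
    strict_comment => 1,   # passed through to HTML::Parser
    strict_names   => 1,
);

# Sanitize every value in a parameter hash such as $c->req->body_parameters.
# Multi-valued parameters arrive as array refs; both shapes are handled.
sub sanitize_params {
    my ($params) = @_;
    my %clean;
    for my $name ( keys %$params ) {
        my $value = $params->{$name};
        $clean{$name} = ref $value eq 'ARRAY'
            ? [ map { $hss->filter_html($_) } @$value ]
            : $hss->filter_html($value);
    }
    return \%clean;
}

# Constructed sample input standing in for a submitted form.
my $submitted = {
    body => '<p onmouseover="alert(1)">Hello <b>world</b></p>'
          . '<script>alert(document.cookie)</script>',
    tags => [ '<i>ok</i>', '<style>body{display:none}</style>' ],
};

my $clean = sanitize_params($submitted);
for my $name ( sort keys %$clean ) {
    my $v = $clean->{$name};
    print "$name: ", ( ref $v ? join( ' | ', @$v ) : $v ), "\n";
}
```

Two things to keep in mind if the cleaned value is stored, as the question proposes: what goes into the database is now trusted HTML for the HTML body context only, so the Template Toolkit html filter must not be applied to it a second time on output (that double-encodes), and it must still be escaped differently if it is ever emitted inside an attribute value, a JavaScript block or a URL, which this filter does not cover.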