- P E Schoen
January 19, 2011, 9:12 pm
called from a form that allowed the user to submit information that was
inserted into a database from which HTML pages would be generated, and
the submitted content would be echoed back to the user and mailed to me.
problem seemed to occur if I had newline CRs in the content of the text
input, and I finally determined it was a misplaced comma in my Perl
But as I was testing it, I tried adding some HTML, and it worked well
font size and color and such, as well as being able to insert an image
src=url>. But then I thought about what would happen if someone made a
mistake in the HTML tags, or even worse, if a hacker inserted malicious
security issue, or at the very least, a good chance of messing up the
database and the resulting HTML pages.

So, I did some research and found this:
http://en.wikipedia.org/wiki/Cross-site_scripting. It is known as XSS,
is often a problem with blogs and forums which allow HTML. In that
found this: http://htmlpurifier.org/, which strips out possibly
content and fixes broken tags and other HTML errors. However, it seems
designed for PHP, and at this point I want to continue using Perl to
yet another learning curve.

I think this will be a requirement for my application, and I still need
learn more about this purifier. Maybe there is a way to submit the raw
content and have the purified content returned for use. If anyone has
experience with this, I'd appreciate any advice. The link in my sig is
site I am maintaining, and the link to the form in question is there and
also on the new website which is there as well. I can supply
information and code if anyone is interested, but only by direct email.
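One way to do the filtering on the Perl side, as an added example that is not part of the original post: it uses the CPAN module HTML::Scrubber (not mentioned in the post, assumed installed) to allow-list the tags and attributes the form should accept, including the font size/color and image cases described above, and to drop everything else, so a submission such as the constructed sample below loses its event handlers and its javascript: image source before it is stored, echoed or mailed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Scrubber;   # CPAN module, assumed installed; not mentioned in the post

# Allow-list the tags the form should accept; anything else is stripped.
my $scrubber = HTML::Scrubber->new(
    allow   => [ qw( p br b i u em strong ul ol li ) ],
    comment => 0,   # drop <!-- comments -->
    process => 0,   # drop <?processing instructions?>
);

# Per-tag attribute rules: 1 keeps the attribute, 0 drops it, and a regex
# keeps it only when the value matches. Listing a tag here also allows it.
$scrubber->rules(
    font => {
        size  => qr/^[1-7]$/,           # legacy sizes 1..7 only
        color => qr/^#[0-9a-f]{6}$/i,   # hex colours only
        '*'   => 0,                     # drop every other attribute on <font>
    },
    img => {
        src => qr{^https?://}i,         # http(s) URLs only; blocks javascript: and data:
        alt => 1,
        '*' => 0,
    },
);

# For the plain allowed tags above: keep the tag, drop all attributes,
# so onclick=, onmouseover=, style= and friends never reach the page.
$scrubber->default( undef, { '*' => 0 } );

# Run a submitted field through the scrubber before it is stored,
# echoed back, mailed, or used to build a page.
sub clean_submission {
    my ($raw) = @_;
    return $scrubber->scrub($raw);
}

# Constructed sample input resembling a form submission (not real data).
my $sample = join "\n",
    '<p>Hello <b onmouseover="alert(1)">there</b></p>',
    '<font size="4" color="#ff0000" style="x">red text</font>',
    '<img src="http://example.com/pic.png" alt="ok">',
    '<img src="javascript:alert(1)">';

print clean_submission($sample), "\n";
```

If the form does not truly need markup, escaping the whole field with HTML::Entities::encode_entities is simpler and safer than any allow-list.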