[htmltmpl] Sanitizing data against HTML::Template tags
Brought to you by:
samtregar
Menu
▾
▴
[htmltmpl] Sanitizing data against HTML::Template tags
|
From: Justin S. <ju...@sk...> - 2008-03-27 10:43:48
|
Here's one for everyone:
I'm receiving data from $Untrusted_Source, that may have malicious
code, in the form of H::T tags that I'd like to simply sanitize by
munging it enough that it won't parse when run through H::T, but won't
*break* H::T as well.
Can anyone think of a simple-ish regex to do this? Something like:
my $untrusted = <STDIN>; # (or, where ever)
$untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
$untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
That may be all there is to it - am I missing some menacing edge case?
--
Justin Simoni
http://justinsimoni.com :: Art Portfolio
|