[htmltmpl] Sanitizing data against HTML::Template tags
From: Justin S. <ju...@sk...> - 2008-03-27 10:43:48
Here's one for everyone:

I'm receiving data from $Untrusted_Source, that may have malicious code, in the form of H::T tags that I'd like to simply sanitize by munging it enough that it won't parse when run through H::T, but won't *break* H::T as well.

Can anyone think of a simple-ish regex to do this? Something like:

    my $untrusted = <STDIN>; # (or, wherever)
    $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
    $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;

That may be all there is to it - am I missing some menacing edge case?

--
Justin Simoni
http://justinsimoni.com :: Art Portfolio
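Added example, not part of the original post: a comparison of the two substitutions above with a variant that encodes the leading "<" of anything that could open a template tag. The helper names (munge_as_posted, defang_tmpl_tags) and the sample strings are constructed for illustration, and the opener grammar (optional "!--", optional whitespace, optional "/", then "tmpl_", case-insensitive) is an assumption about what HTML::Template accepts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two substitutions from the post, unchanged, for comparison.
sub munge_as_posted {
    my ($text) = @_;
    $text =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
    $text =~ s{<tmpl_}{<BREAK tmpl_}gi;
    return $text;
}

# Added variant (hypothetical helper): turn the "<" that starts any
# candidate tag into "&lt;". The text still displays the same in HTML,
# nothing is inserted, and running it twice changes nothing further.
sub defang_tmpl_tags {
    my ($text) = @_;
    $text =~ s{<(?=(?:!--\s*)?/?tmpl_)}{&lt;}gi;
    return $text;
}

# Assumed grammar for the start of a template tag (see lead-in).
my $opener = qr{<(?:!--\s*)?/?tmpl_}i;

# Constructed sample inputs covering spacing, case and closing tags.
my @samples = (
    '<TMPL_VAR NAME=foo>',
    '<!-- TMPL_LOOP NAME=rows -->',
    '<!--tmpl_if x-->',               # no space after "<!--"
    '<!--   tmpl_var name=foo -->',   # several spaces after "<!--"
    '</TMPL_IF>',                     # closing tag
    '<!-- /tmpl_loop -->',            # closing tag, comment style
    '<b>plain html</b>',              # must pass through untouched
);

printf "%-32s %-8s %-8s\n", 'input', 'posted', 'defanged';
for my $sample (@samples) {
    my $posted   = munge_as_posted($sample);
    my $defanged = defang_tmpl_tags($sample);
    printf "%-32s %-8s %-8s\n", $sample,
        ($posted   =~ $opener ? 'OPEN' : 'ok'),
        ($defanged =~ $opener ? 'OPEN' : 'ok');
}
```

An "OPEN" in the "posted" column marks an input that still matches the assumed opener after the original two substitutions.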