Re: [htmltmpl] Sanitizing data against HTML::Template tags
Brought to you by:
samtregar
Menu
▾
▴
Re: [htmltmpl] Sanitizing data against HTML::Template tags
|
From: Mike M. <mac...@ya...> - 2008-04-08 21:17:24
|
If you want to be sure not break a template this might be embedded into you'll
need to take care of the </TMPL...> tags in the untrusted input as well.
--Mike MacKenzie
--- Justin Simoni <ju...@sk...> wrote:
> Here's one for everyone:
>
> I'm receiving data from $Untrusted_Source, that may have malicious
> code, in the form of H::T tags that I'd like to simply sanitize by
> munging it enough that it won't parse when run through H::T, but won't
> *break* H::T as well.
>
> Can anyone think of a simple-ish regex to do this? Something like:
>
> my $untrusted = <STDIN>; # (or, where ever)
> $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
> $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
>
> That may be all there is to it - am I missing some menacing edge case?
>
> --
>
> Justin Simoni
>
> http://justinsimoni.com :: Art Portfolio
>
>
>
>
>
>
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> Html-template-users mailing list
> Htm...@li...
> https://lists.sourceforge.net/lists/listinfo/html-template-users
>
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
|