Re: [htmltmpl] Sanitizing data against HTML::Template tags
From: Mike M. <mac...@ya...> - 2008-04-08 21:17:24
If you want to be sure not to break a template this might be embedded into, you'll need to take care of the </TMPL...> tags in the untrusted input as well.

--Mike MacKenzie

--- Justin Simoni <ju...@sk...> wrote:

> Here's one for everyone:
>
> I'm receiving data from $Untrusted_Source, that may have malicious
> code, in the form of H::T tags that I'd like to simply sanitize by
> munging it enough that it won't parse when run through H::T, but won't
> *break* H::T as well.
>
> Can anyone think of a simple-ish regex to do this? Something like:
>
> my $untrusted = <STDIN>; # (or, wherever)
> $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
> $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
>
> That may be all there is to it - am I missing some menacing edge case?
>
> --
>
> Justin Simoni
>
> http://justinsimoni.com :: Art Portfolio
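An added example, not code from either poster or from the HTML::Template distribution: one substitution that covers the opening tags, the closing tags Mike mentions, and the comment form with any amount of whitespace. The helper name `defang_tmpl_tags`, the sample strings, and the choice to entity-encode the leading `<` (which assumes the text ends up in HTML output) are assumptions; the pattern deliberately over-matches rather than mirroring the parser exactly.

```perl
use strict;
use warnings;

# Start of anything that could be read as an HTML::Template tag:
# "<", optional "!--", optional whitespace, optional "/", then "tmpl_".
# Assumption: over-matching is acceptable for untrusted text, so this is
# broader than the two literal patterns in the quoted message.
my $TAG_START = qr{<(?=(?:!--)?\s*/?\s*tmpl_)}i;

# Hypothetical helper: entity-encode only the "<" that opens such a tag,
# leaving the rest of the text (and ordinary markup) untouched.
sub defang_tmpl_tags {
    my ($text) = @_;
    return $text unless defined $text;
    $text =~ s/$TAG_START/&lt;/g;
    return $text;
}

# Constructed sample inputs, not taken from the thread.
my @samples = (
    '<TMPL_VAR NAME=foo>',             # plain opening tag
    '</TMPL_IF>',                      # closing tag
    '<!-- TMPL_LOOP NAME=rows -->',    # comment form, one space
    '<!--/tmpl_loop-->',               # comment form, no space, closing
    "<!--\n\ttmpl_if x -->",           # comment form, newline and tab
    '<b>ordinary markup</b>',          # must pass through unchanged
);

for my $in (@samples) {
    my $out = defang_tmpl_tags($in);
    die "still looks like a tag: $out\n" if $out =~ $TAG_START;
    (my $shown = $out) =~ s/\s+/ /g;   # flatten whitespace for display only
    print "$shown\n";
}

# If HTML::Template is installed, feed it the cleaned text as a template
# and report whether it comes back byte-for-byte unchanged.
if (eval { require HTML::Template; 1 }) {
    my $clean = join "\n", map { defang_tmpl_tags($_) } @samples;
    my $t = HTML::Template->new(scalarref => \$clean, die_on_bad_params => 0);
    print $t->output eq $clean ? "HTML::Template: unchanged\n"
                               : "HTML::Template: output differs\n";
}
```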