[htmltmpl] Patch for new option "force_untaint"
From: Sven N. <sve...@sv...> - 2006-11-24 15:52:06
Hi,

I have opened a new bug (#23592) on rt.cpan.org for a new feature request: the "force_untaint" option.

This option makes sure that no tainted values are set in the template. If set to 1, only TMPL_VARs with no ESCAPE-attribute must be untainted; if set to 2, every TMPL_VAR must be untainted.

I have attached a patch to the bug that implements this feature. Please let me know what you think. I believe this would be very helpful in preventing cross-site-scripting (CSS) bugs.

Regards,
-Sven Neuhaus
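The two levels described in the message, as an added example that is not part of the original post or of the attached patch. It assumes the option as a `force_untaint` argument to `HTML::Template->new` with Perl running in taint mode; the template, the sample values and the `render` helper are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run with: perl -T force_untaint_demo.pl
use strict;
use warnings;
use HTML::Template;

# Constructed template: one plain TMPL_VAR, one with an ESCAPE attribute.
my $tmpl = <<'EOT';
<p>Raw: <TMPL_VAR NAME="raw"></p>
<p>Escaped: <TMPL_VAR NAME="esc" ESCAPE="HTML"></p>
EOT

# A zero-length tainted string; appending it taints a value without
# changing its content (stands in for CGI parameters, which are tainted).
my $taint  = substr("$0$^X", 0, 0);
my $markup = '<b>constructed input</b>' . $taint;
my $name   = 'Sven' . $taint;

# Untaint by validating against an allow-list pattern and keeping the capture.
my ($clean_name) = $name =~ /\A([A-Za-z0-9 ]{1,40})\z/
    or die "name failed validation\n";

# Hypothetical helper: render at a given force_untaint level and report
# whether HTML::Template accepted the values.
sub render {
    my ($level, %params) = @_;
    my $t = HTML::Template->new(scalarref => \$tmpl, force_untaint => $level);
    my $out = eval { $t->param(%params); $t->output };
    return defined $out ? 'rendered' : 'refused';
}

my @cases = (
    [ 1, 'tainted value in plain TMPL_VAR',   raw => $markup ],
    [ 1, 'tainted value in ESCAPE=HTML var',  esc => $markup ],
    [ 2, 'tainted value in ESCAPE=HTML var',  esc => $markup ],
    [ 2, 'validated value in plain TMPL_VAR', raw => $clean_name ],
);
for my $case (@cases) {
    my ($level, $label, %params) = @$case;
    printf "force_untaint=%d  %-34s %s\n", $level, $label, render($level, %params);
}
```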