[DCPM] CGI::FormBuilder and Taint

Aaron Trevena aaron.trevena at gmail.com
Sun Jun 12 12:40:02 PDT 2011


On 12 June 2011 06:17, Simon Waters <simon at technocool.net> wrote:
> Wrote a little CGI wrapper script for wkhtmltopdf.
>
> Found that the CGI::FormBuilder validation doesn't seem to untaint data
> it has validated.

I can't remember the last time I ran perl in Taint mode... modern good
practice renders it moot.

> Am I missing something here, as this would seem a natural thing to do in
> the validation step?

Few people still use it outside 90s style CGI scripts IME.

> My instinct is the whole thing could be made more comprehensive, but
> presumably folks didn't want to do that this way. On the other hand I
> hadn't used it before, and it seems to do the job nicely.

Have you looked at other form handling modules on CPAN? I rather like
Data::FormValidator, although the newer nicer alternative to that is
http://search.cpan.org/perldoc?Data::Verifier, you might also like
Spark::Form which seems quite nice - but I haven't used it yet.

A


-- 
Aaron J Trevena, BSc Hons
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Consulting

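The behaviour Simon describes (a value passes validation yet stays tainted) is how Perl's taint mode works for any boolean check, not something specific to CGI::FormBuilder. The following is an added example, not code from the thread or from CGI::FormBuilder; it uses a command-line argument standing in for a form field, and `echo` as a constructed placeholder for the wkhtmltopdf call.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): why a validation check alone does
# not untaint, and how the regex-capture idiom does. Run with:
#   perl -T untaint_demo.pl report-2011.html
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, anything from outside the program (@ARGV here, standing in for
# a submitted form field) is tainted. If no argument is given, a constructed
# sample value is deliberately tainted by appending an empty substring of
# the tainted %ENV, so the demonstration still holds.
my $input = defined $ARGV[0]
    ? $ARGV[0]
    : 'report-2011.html' . substr($ENV{PATH}, 0, 0);
tainted($input) or die "expected input to be tainted\n";

# Step 1: a boolean validation, the kind a form validator performs. Passing
# the check proves the value matches the allow-list pattern, but Perl does
# not treat a successful match as cleaning the variable: it stays tainted.
$input =~ /^[\w.-]+\z/ or die "invalid filename\n";
tainted($input) or die "unexpected: boolean match untainted the value\n";

# Step 2: explicit untaint. Perl treats captured submatches as clean, so
# copy the value out through a capture group with the same anchored,
# allow-list pattern. This is the step left to the script author.
my ($clean) = $input =~ /^([\w.-]+)\z/
    or die "invalid filename\n";
tainted($clean) and die "unexpected: captured value is still tainted\n";

# Step 3: only the untainted copy may reach a command. With $input in its
# place, -T would abort the run with "Insecure dependency in system".
# %ENV must be cleaned first as well, or system() is refused for the PATH.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# List-form system(): no shell is involved. 'echo' is a constructed
# placeholder for the wkhtmltopdf invocation.
my @cmd = ('echo', 'wkhtmltopdf', $clean, 'out.pdf');
system(@cmd) == 0 or die "command failed: $?\n";
```

The `die` checks inside the block double as the demonstration: the script only reaches the `system()` call if the captured copy, and not the merely validated original, is what came out clean.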

More information about the Devoncornwall-pm mailing list