[sf-perl] input validation module sought
frosty
biztos at mac.com
Mon Sep 22 17:02:51 PDT 2008
For HTML, usually this is all you need:
use HTML::Entities qw(encode_entities);
For SQL, *always* use bind variables.
For JavaScript I would say:
1) Never ever eval anything from an untrusted source.
2) Never ever use innerHTML without doing encode_entities on user-supplied data first.
3) Use a well-tested JS toolkit so you don't make a newbie mistake and break #2.
But keep in mind that innerHTML is inherently insecure... just like the Web. :-)
--frosty
On Monday, September 22, 2008, at 12:25PM, "ken uhl" <kenuhl at berkeley.edu> wrote:
>Hi, I am looking for a module to do input validation to protect against
>SQL insertions
>HTML insertions
>javascript insertions
>
>Any suggestions?
>
>ken uhl
>uc berkeley
>
>_______________________________________________
>SanFrancisco-pm mailing list
>SanFrancisco-pm at pm.org
>http://mail.pm.org/mailman/listinfo/sanfrancisco-pm
>
>
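An added example, not part of the original post: the reply's two Perl recommendations (bind variables for SQL, encode_entities for HTML output) applied to one constructed input. The table name, the sample value and the in-memory DBD::SQLite database are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use HTML::Entities qw(encode_entities);

# Constructed sample input: one form field carrying both SQL and HTML
# metacharacters (a quote and a script tag).
my $name = q{O'Brien <script>alert(1)</script>};

# Assumption: DBD::SQLite is installed; the database lives only in memory.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE guests (id INTEGER PRIMARY KEY, name TEXT)');

# Weak form, built but never executed: interpolation lets the quote in the
# value end the SQL string literal, so the data becomes part of the statement.
my $interpolated = "INSERT INTO guests (name) VALUES ('$name')";
print "interpolated SQL (do not run): $interpolated\n";

# Bind variable: the statement text is fixed and the value is passed
# separately, so no character in $name can change the statement's structure.
my $ins = $dbh->prepare('INSERT INTO guests (name) VALUES (?)');
$ins->execute($name);

my $sel = $dbh->prepare('SELECT name FROM guests WHERE name = ?');
$sel->execute($name);
my ($stored) = $sel->fetchrow_array;
$sel->finish;

# The value is stored byte-for-byte; binding does not alter or "clean" it.
die "round-trip mismatch\n" unless $stored eq $name;

# Encode when writing HTML, not when storing: with no second argument,
# encode_entities escapes <, >, &, " and ' (plus control and high-bit chars).
my $html = '<li>' . encode_entities($stored) . '</li>';
print "HTML output: $html\n";

# The encoded fragment no longer contains a literal tag opener from the data.
die "unencoded markup in output\n" if $html =~ /<script/i;

$dbh->disconnect;
```

Binding protects the query and encoding protects the page; each is applied at the boundary where the data is used, so the stored value stays unmodified.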