[sf-perl] SanFrancisco-pm Digest, Vol 44, Issue 6

ken uhl kenuhl at berkeley.edu
Fri Sep 26 08:41:33 PDT 2008


Dan
Thanks for this -
I use Template Toolkit as my "outputter"
(yeah, someone actually abstracted this)

but I may take pieces out of your modules and use them with
attribution to you.
Ken Uhl
UC Berkeley

And to everyone else who offered useful replies,
thanks also.
Turns out that Class::DBI does the variable binding thing quite handily.



 sanfrancisco-pm-request at pm.org wrote:
> Date: Tue, 23 Sep 2008 12:41:05 -0700
> From: Dan Lyke <danlyke at flutterby.com>
> Subject: Re: [sf-perl] input validation module sought
> To: sanfrancisco-pm at pm.org
> Message-ID: <20080923124105.28658e2a at danhplaptop>
> Content-Type: text/plain; charset=US-ASCII
>
> On Mon, 22 Sep 2008 12:25:54 -0700
> ken uhl <kenuhl at berkeley.edu> wrote:
>   
>> Hi, I am looking for a module to do input validation to protect
>> against SQL insertions
>>     
>
> As others have mentioned, bound variables are your friend, though
> because I started doing this stuff back in the days when bound
> variables didn't work well on all drivers, the $dbh->quote(...) method
> also works nicely.
>
>   
>> HTML insertions
>> javascript insertions
>>     
>
> These are a slightly more challenging problem. I've let my code that does
> this diverge from the stuff I've published, but roughly the system
> which has run my web site for 8 years or so is at
> http://www.flutterby.com/software/flutterbycms/flutterby_cms.tar.gz
>
> If nobody comes up with a supported CPAN module that does all the right
> stuff, you might take a look at it. It shows its age; I should really sit
> down and rework it with what I've learned of Perl since, actually
> document the thing, maybe even figure out how to make a CPAN module,
> but the guts of it are in Flutterby/Parse/Text.pm and
> Flutterby/Output/HTML.pm
>
> Create a new parser with:
>
>    my $p = Flutterby::Parse::HTML->new();
>
> Create a tree (which is just like the ones that come in off of the XML
> parser) with:
>
>    my $tree = $p->parse("some text mixed with html goes here");
>
> Create an outputter:
>
>    my $out = Flutterby::Output::HTML->new();
>
> and there are various options for outputting to strings or whatever, and
> then output it:
>
>    $out->output($tree);
>
> You might also want to find a subset of the tree if you're outputting
> this HTML inside other HTML:
>
>    if (my $node = Flutterby::Tree::Find::nodeChildInfo($tree,'body'))
>    {
>       my @tree = @$node;
>       shift @tree;
>       $out->output(\@tree);
>    }
>    else
>    {
>       $out->output($tree);
>    }
>
> The Perl ain't great, there's a lot I'd like to rework it to do, but it
> does a semi-decent job of taking text user input, guessing what they
> meant, keeping them from doing anything malicious, and outputting
> conforming and validating HTML. I think there's one hole that should
> get plugged, if you get that far I'll happily discuss plugging it with
> you.
>
> If Perl were my business or I had gobs of spare time I'd rework it so
> that it worked on a pipe rather than a tree-in-memory model, and I know
> that the actual running code has an expanded amount of HTML it'll let
> the user do, but that's where I've gotten to and it still runs.
>
> I think I've put a GPL license on that, but it's all my code and I'll
> happily work with you to provide a suitable written copyright notice
> if you may need to integrate it into something that isn't GPL-able (I
> know that sometimes it's difficult to get suits to sign off on random
> code from the 'net).
>
> Dan
>
>
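The thread settles on bound variables (via DBI placeholders or Class::DBI), with $dbh->quote as the older alternative. The script below is an added example, not code from either poster, that runs the three approaches side by side so the difference is visible. It assumes DBI and DBD::SQLite are installed; the table, rows and hostile input are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): the three ways of putting user input
# into SQL that the replies mention, run against an in-memory SQLite table.
# Assumes DBI and DBD::SQLite are installed; any DBI driver would do.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });

# Constructed sample data.
$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");
$dbh->do("INSERT INTO users (name, role) VALUES (?, ?)", undef, @$_)
    for ['alice', 'admin'], ['bob', 'user'], ["o'brien", 'user'];

# A "name" typed into a login form by someone who has read about SQL injection.
my $hostile = "nobody' OR '1'='1";

# 1. Interpolation: the apostrophe in the input closes the string literal
#    and the rest of the input is parsed as SQL. Every row comes back.
my $sql_interp  = "SELECT name FROM users WHERE name = '$hostile'";
my $rows_interp = $dbh->selectall_arrayref($sql_interp);
printf "interpolated: %d rows   %s\n", scalar @$rows_interp, $sql_interp;

# 2. Bound parameter: the value travels separately from the statement text
#    and is only ever compared as data. Zero rows.
my $sth = $dbh->prepare("SELECT name FROM users WHERE name = ?");
$sth->execute($hostile);
my $rows_bound = $sth->fetchall_arrayref;
printf "bound:        %d rows\n", scalar @$rows_bound;

# 3. $dbh->quote: the driver escapes the value and wraps it as a literal.
#    Also zero rows, but you have to remember it on every single value,
#    and the user's bytes still end up inside the query text.
my $sql_quoted  = "SELECT name FROM users WHERE name = " . $dbh->quote($hostile);
my $rows_quoted = $dbh->selectall_arrayref($sql_quoted);
printf "quoted:       %d rows   %s\n", scalar @$rows_quoted, $sql_quoted;

# Legitimate input containing an apostrophe still works when bound.
$sth->execute("o'brien");
printf "bound o'brien: %d row\n", scalar @{ $sth->fetchall_arrayref };

# Placeholders bind values, not identifiers. A user-chosen sort column
# cannot be passed as "?"; map it onto an allowlist instead of quoting it.
my %sortable   = map { $_ => 1 } qw(id name role);
my $sort_param = "name; DROP TABLE users";          # constructed input
my $sort_col   = $sortable{$sort_param} ? $sort_param : 'id';
my $names = $dbh->selectcol_arrayref("SELECT name FROM users ORDER BY $sort_col");
print "sorted by $sort_col: @$names\n";
```

The interpolated query returns all three rows, the bound and quoted versions return none, and the legitimate "o'brien" lookup still matches. The allowlist at the end is the part people forget: anything that is SQL syntax rather than a value (table names, column names, ASC/DESC) cannot go through a placeholder and has to be chosen from a fixed set.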



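For the HTML and JavaScript side, Dan's parser lets users write a subset of HTML and re-emits a clean tree. The simpler alternative, when you do not need to allow user-supplied markup at all, is to escape untrusted text on output with an encoder chosen for the slot it lands in. The script below is an added example, not code from the Flutterby tarball or from either poster; it uses core Perl only, and the comment markup and hostile input are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): escape untrusted text at output time,
# with a different encoder for each context it is inserted into. Core Perl only.
use strict;
use warnings;

# Text between tags, and quoted attribute values.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# A value inside a JavaScript string literal in a <script> block. Everything
# outside a small safe set is hex-escaped, which also neutralises "</script>"
# and line terminators appearing inside the literal.
sub escape_js {
    my ($s) = @_;
    $s =~ s{([^A-Za-z0-9 ,._-])}{
        ord($1) < 256 ? sprintf('\x%02X', ord $1) : sprintf('\u%04X', ord $1)
    }ge;
    return $s;
}

# A value inside a URL query string: percent-encode the UTF-8 bytes.
sub escape_url {
    my ($s) = @_;
    utf8::encode($s) if utf8::is_utf8($s);
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $s;
}

# One comment rendered with the right encoder for each slot: attribute,
# URL parameter, element text, and JS string literal.
sub render_comment {
    my ($author, $body) = @_;
    return join '',
        '<div class="comment" data-author="', escape_html($author), qq{">\n},
        '  <a href="/user?name=', escape_url($author), '">',
        escape_html($author), qq{</a> wrote:\n},
        '  <p>', escape_html($body), qq{</p>\n},
        '  <script>var author = "', escape_js($author), qq{";</script>\n},
        qq{</div>\n};
}

# Constructed hostile input: the author tries to break out of an attribute
# and out of the JS string literal; the body tries to inject a script element.
my $author = q{" onmouseover="alert(1)"; alert(2); //</script>};
my $body   = q{<script>alert(document.cookie)</script> nice post};

print render_comment($author, $body);
```

Every angle bracket and quote in the output is inert in its context: the attribute stays closed, the script literal stays a literal, and the body renders as visible text rather than a script element. Escaping this way forbids all user markup; if you want to allow a safe subset, as Dan's code does, you need a real parser plus an allowlist of elements and attributes, and escaping is then applied to whatever the allowlist rejects.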