[DCPM] CGI::FormBuilder and Taint

Simon Waters simon at technocool.net
Sat Jun 11 22:17:57 PDT 2011


Wrote a little CGI wrapper script for wkhtmltopdf.

Found that the CGI::FormBuilder validation doesn't seem to untaint data
it has validated.

Am I missing something here, as this would seem a natural thing to do in
the validation step?

Also, having to manually declare that things which are a select should have the
values associated with the select seems redundant, i.e. if "Gender"
options are "Male"/"Female"/"Don't Know" then you have to tell it this
to generate the select and also repeat yourself in the validate (I can
imagine cases where you don't want this, but they could be done with a
flag that says "allow write-ins").

My instinct is the whole thing could be made more comprehensive, but
presumably folks didn't want to do that this way. On the other hand I
hadn't used it before, and it seems to do the job nicely.
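The pattern the message describes, shown as an added example (not code from the post, nor from CGI::FormBuilder's own documentation): one option list drives both the select and the `validate` rule, and because a passed validation does not by itself clear Perl's taint flag, the accepted value is untainted explicitly before it reaches an external command. The field names `gender` and `source`, the URL pattern, and the output path are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Run under taint mode (-T), as a CGI wrapper around an external tool would be.
use strict;
use warnings;
use CGI::FormBuilder;
use Scalar::Util qw(tainted);

# Taint mode refuses system() unless PATH is set explicitly by the script.
$ENV{PATH} = '/usr/bin:/bin';

# One constructed option list reused for the select AND the validation rule,
# so the two cannot drift apart.
my @gender_opts = ('Male', 'Female', "Don't Know");

# Constructed pattern for the 'source' field: an http(s) URL with a
# conservative character set.  Assumed for this example.
my $url_re = qr{^(https?://[A-Za-z0-9._~:/?#\[\]@!\$&'()*+,;=%-]+)$};

my $form = CGI::FormBuilder->new(
    fields   => [qw(gender source)],
    validate => {
        gender => \@gender_opts,  # value must be one of the listed options
        source => $url_re,        # value must match the URL pattern
    },
);
$form->field(name => 'gender', type => 'select', options => \@gender_opts);
$form->field(name => 'source', type => 'text');

# Return the literal from the whitelist that equals $value, or undef.
# The returned scalar comes from the untainted list, not from the request,
# so it carries no taint even though $value does.
sub untaint_from_list {
    my ($value, @allowed) = @_;
    my ($clean) = grep { $_ eq $value } @allowed;
    return $clean;
}

# Untaint by regex capture: only the captured group is untainted, and only
# if the whole value matches the pattern it was validated against.
sub untaint_by_pattern {
    my ($value, $re) = @_;
    my ($clean) = $value =~ $re;
    return $clean;
}

if ($form->submitted && $form->validate) {
    my $gender = $form->field('gender');
    my $source = $form->field('source');

    # Both passed validation, yet under -T both are still tainted.
    warn "gender still tainted after validate\n" if tainted($gender);
    warn "source still tainted after validate\n" if tainted($source);

    my $clean_gender = untaint_from_list($gender, @gender_opts);
    my $clean_source = untaint_by_pattern($source, $url_re);

    # A write-in that somehow got past validate yields undef here, so the
    # command below is never reached with an unchecked value.
    die "unexpected field value\n"
        unless defined $clean_gender && defined $clean_source;

    my $out = '/tmp/output.pdf';   # assumed output path for the example
    # List-form system(): no shell is involved, so the URL is a single
    # argument and cannot be reinterpreted as shell syntax.
    system('wkhtmltopdf', $clean_source, $out) == 0
        or die "wkhtmltopdf failed: $?\n";

    print $form->confirm(header => 1);
} else {
    print $form->render(header => 1);
}
```

Returning the whitelist's own literal (`untaint_from_list`) avoids building a regex out of option text that may contain metacharacters such as the apostrophe in "Don't Know"; the regex-capture form (`untaint_by_pattern`) is the conventional Perl idiom when the rule is a pattern rather than a list.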

