[sf-perl] input validation module sought

frosty biztos at mac.com
Mon Sep 22 17:02:51 PDT 2008

For HTML, usually this is all you need:

use HTML::Entities qw(encode_entities);

For SQL, *always* use bind variables.

For Javascript I would say:

1) Never ever eval anything from an untrusted source.
2) Never ever use innerHTML without doing encode_entities on user-supplied data first.
3) Use a well-tested JS toolkit so you don't make a newbie mistake and break #2.

But keep in mind that innerHTML is inherently insecure... just like the Web. :-)


On Monday, September 22, 2008, at 12:25PM, "ken uhl" <kenuhl at berkeley.edu> wrote:
>Hi, I am looking for a module to do input validation to protect against
>SQL insertions
>HTML insertions
>javascript insertions
>Any suggestions>?
>ken uhl
>uc berkeley
>SanFrancisco-pm mailing list
>SanFrancisco-pm at pm.org

More information about the SanFrancisco-pm mailing list