techcode has asked for the wisdom of the Perl Monks concerning the following question:
I thought I was all settled with the following code:
```perl
use HTML::Entities;

sub form {
    my $self   = shift;
    my %params = @_;    # I could use delete right?

    # array_to_hash() is a helper defined elsewhere in the poster's code (not shown)
    my $skip = array_to_hash($params{'skip_fields'});    # Array/ArrayRef

    my $q    = $self->query();
    my %vars = $q->Vars();

    foreach (keys %vars) {
        next if $skip->{$_};    # Don't encode if it's in skip list
        # With no second argument, every non-ASCII character is encoded too
        $vars{$_} = HTML::Entities::encode($vars{$_});
    }

    return \%vars;
}
```

But here is a problem. I use UTF-8 so that site would support Serbian (Latin not Cyrillic) so I end up with funky entities instead of letters like Š, Đ, Č, Ć and Ž.
Which when I hit preview I realised this site is doing too :)
Is there any other way to filter the input that would not do this? I don't want Š instead of Š in my forms... I believe it's OK to have those chars not encoded since I set both header and meta charset to utf-8.
Have you tried freelancing? Check out Scriptlance - I work there. For more info about Scriptlance and freelancing in general check out my home node.
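One way to escape form input without turning Š, Đ, Č, Ć and Ž into entities, as an added example that is not part of the original post or its replies: give `encode_entities` an explicit set of unsafe characters, so only HTML metacharacters are encoded. The helper name `escape_field` and the sample strings are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;                                   # literals in this file are UTF-8
use Encode qw(decode encode);
use HTML::Entities qw(encode_entities);

# Characters that can change HTML structure in element content and in
# quoted attribute values. Every other character is left untouched.
my $UNSAFE = q{<>&"'};

# Hypothetical helper: takes the raw bytes of one form field and returns a
# character string safe to place in HTML text or a quoted attribute.
sub escape_field {
    my ($bytes) = @_;

    # Strict decode: malformed UTF-8 dies here instead of reaching the page.
    my $text = decode('UTF-8', $bytes, Encode::FB_CROAK | Encode::LEAVE_SRC);

    # The second argument replaces the default unsafe set, which would
    # otherwise include every non-ASCII character.
    return encode_entities($text, $UNSAFE);
}

# Constructed sample input, as the bytes a browser would submit.
my @samples = (
    encode('UTF-8', 'Šećer, žuč i đak'),
    encode('UTF-8', q{Ćao <script>alert(1)</script>}),
    encode('UTF-8', q{" onmouseover="x}),
    "na\xEFve text",                        # Latin-1 bytes, not valid UTF-8
);

binmode STDOUT, ':encoding(UTF-8)';
for my $raw (@samples) {
    my $safe = eval { escape_field($raw) };
    print defined $safe ? "$safe\n" : "rejected: malformed UTF-8\n";
}
```

The explicit set covers HTML text and quoted attribute values only; values placed in URLs or inline script need the escaping for that context.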
Replies are listed 'Best First'.
Re: Preventing XSS
by ikegami (Patriarch) on Sep 19, 2007 at 20:11 UTC
by tye (Sage) on Sep 19, 2007 at 20:48 UTC
Re: Preventing XSS
by b10m (Vicar) on Sep 19, 2007 at 19:44 UTC
Re: Preventing XSS
by andreas1234567 (Vicar) on Sep 20, 2007 at 11:05 UTC
Re: Preventing XSS
by techcode (Hermit) on Sep 20, 2007 at 10:47 UTC