Hello Monks. I am just starting to learn the language of Perl. I came to your monastery in order to seek an answer to a question to which I haven't satisfactorily found an answer yet. I am currently finishing a form. I am at that point wherein I am learning how to sanitize the user's input. The code goes like this:
#!/usr/bin/perl
use strict;
use warnings;
use diagnostics;
use CGI;
my $query = CGI->new;
my $input = $query->param('team_name');
$input =~ s/[^a-zA-Z0-9\s!]/_/g;
$input =~ s/!/!/g; # Escaping ! for HTML
$input =~ s/!/\!/g; # Escaping ! for Perl
My goal is to escape the occurrences of exclamation symbols (!) that will be supplied by the user so that they are not interpreted as part of the HTML and Perl code. Some of you may probably recommend using a module such as HTML::Entities and the like. However, at this point, I just want to gain an understanding of how escaping works for HTML and Perl. If I use the above code, would it be safe to do so? I guess my real questions are: Is it possible to escape the same special character for both Perl and HTML at the same time? Would escaping ! for Perl cancel out the earlier escaping of ! for HTML, or vice versa? I'd very much appreciate your help on this topic. Thank you.
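The following is an added example, not code from the original post. It walks through the two questions above with a hand-rolled HTML escaper: the `%entity` table, the `escape_html` and `whitelist_filter` function names, and the `$team_name` value standing in for `$query->param('team_name')` are all constructed for illustration. It shows what HTML escaping actually changes, that a value held in a Perl scalar is data rather than code (so there is no separate "Perl escaping" to apply to it), and that escaping the same text twice does not cancel out but corrupts the output.

```perl
#!/usr/bin/perl
# Added example (not from the original post). Demonstrates hand-rolled HTML
# escaping of form input, why escaping "for Perl" is a separate and here
# unnecessary step, and what happens when the same text is escaped twice.
use strict;
use warnings;

# Characters that change meaning inside HTML, with their entity forms.
# '!' is not HTML-significant; it is listed only to mirror the post.
my %entity = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
    '!' => '&#33;',
);

# Escape a string for insertion into HTML text or a double-quoted attribute.
# A single pass replaces every significant character, so an '&' produced by
# one replacement is never re-escaped within the same call.
sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'!])/$entity{$1}/g;
    return $text;
}

# The post's whitelist step: anything outside [A-Za-z0-9 whitespace !]
# becomes '_'. This is a filter that discards characters, not an escape.
sub whitelist_filter {
    my ($text) = @_;
    $text =~ s/[^a-zA-Z0-9\s!]/_/g;
    return $text;
}

# Constructed input standing in for $query->param('team_name').
my $team_name = q{Tom & Jerry <b>"win"</b>!};

my $filtered = whitelist_filter($team_name);
my $escaped  = escape_html($team_name);

$filtered eq 'Tom _ Jerry _b__win___b_!'
    or die "filter mismatch: $filtered";
$escaped eq 'Tom &amp; Jerry &lt;b&gt;&quot;win&quot;&lt;/b&gt;&#33;'
    or die "escape mismatch: $escaped";

# "Escaping for Perl": the value in $escaped is data, not Perl source.
# '!' has no special meaning inside a Perl string, and in a substitution
# replacement '\!' is just '!', so the post's s/!/\!/g leaves data unchanged.
my $copy = $escaped;
$copy =~ s/!/\!/g;
$copy eq $escaped or die "Perl-escaping changed the data";

# Escaping twice does not cancel; it corrupts: '&amp;' becomes '&amp;amp;',
# which a browser renders as the literal text '&amp;'. Escape exactly once,
# at the point where the value is written into the HTML output.
my $twice = escape_html($escaped);
$twice =~ /&amp;amp;/ or die "expected double-escaped ampersand";

print "filtered: $filtered\n";
print "escaped:  $escaped\n";
print "twice:    $twice\n";
```

Run it with `perl` and it dies on any mismatch, otherwise it prints the three forms. The design point is that HTML escaping belongs to the output layer (do it once, right before the value is interpolated into HTML), while the whitelist regex is an input-validation decision about which characters a team name may contain; the two are complementary, not substitutes, and neither needs a further "Perl" escape on a plain scalar.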