Re: a "search engine" (ahem)

by moritz (Cardinal)

on Jul 09, 2009 at 20:01 UTC ( [id://778687]=note: print w/replies, xml )

Need Help??

Use taint modus, see perlsec.

use the 3-arg form of open (see also perlopentut.

Don't interpolate $query into the HTML without HTML-escaping it first; that's a cross-site scripting vulnerability.

Comment on Re: a "search engine" (ahem) Download Code

Replies are listed 'Best First'.
Re^2: a "search engine" (ahem) by hnd (Scribe) on Jul 09, 2009 at 20:17 UTC
thnx moritz but how do i HTML-escape `$query` and yeah the 3-arg form is more readable than this one ===================================================== i'am worst at what do best and for this gift i fell blessed... i found it hard it's hard to find well whatever NEVERMIND	[reply] [d/l]
Re^3: a "search engine" (ahem) by moritz (Cardinal) on Jul 09, 2009 at 20:33 UTC
Use `escapeHTML` from CGI. Or a template system that has the option to escape interpolated variables.	[reply] [d/l]

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://778687]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others cooling their heels in the Monastery: (4)

As of 2024-04-25 16:57 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found