Ovid has asked for the wisdom of the Perl Monks concerning the following question:
I asked this in the chatterbox but somehow things got a bit "confused", so I'm providing a better explanation. Note that this is not a "do my job for me" post. I am planning on writing this (and posting it here), but if it's already written, I'd love to know!
Recently, I've been handed a mock-up of a huge Web-based application. Many of the forms have 40 or more elements in them. What I have been looking for is a script that will read in HTML forms and automatically generate a code skeleton that will:
- Populate scalars or arrays based on the form structure.
- Generate some basic taint-checking routines (perhaps even have it automatically use the Untaint module, but it's not standard).
- Automatically have strict, warnings, and taint checking added to the top of the code to enforce better coding practices.
In short, I'd like something that will take the following HTML form and create a Perl skeleton for it:
```html
<form action='somescript.pl' method=post enctype='multipart/form-data'>
<input type='hidden' name=somename value="asdf">
<input type=text name=name value=Ovid size="30" maxsize="30">
<br /> <br>
<input type="checkbox" name="group1" value="1" checked /> box 1 group 1
<br>
<input type="checkbox" name="group1" value="2"> box 2 group 1
<br>
<input type="password" name="pass"> Password
</form>
```
The HTML above is deliberately formatted poorly because I'd prefer a robust solution. A code template generated from this would resemble the following:
```perl
#!/usr/bin/perl -wT
use strict;
use CGI;
my $q = CGI->new;

# read in form data
my $_somename = $q->param( 'somename' ); # hidden
my $_name     = $q->param( 'name' );     # text
my @_group1   = $q->param( 'group1' );   # checkbox
my $_pass     = $q->param( 'pass' );     # password

# untaint the data
my ( $somename ) = ( $_somename =~ /^(asdf)$/ );
my ( $name )     = ( $_name     =~ /^(Ovid)$/ );
my @group1;
( $group1[$_] )  = ( $_group1[$_] =~ /^(1|2)$/ ) foreach ( 0 .. $#_group1 );
my ( $pass )     = ( $_pass     =~ /^(\w+)$/ );
```
Note that taint checking is based upon the values already present in the form with a default of \w+ if no value attributes are present in the HTML. Also, it would automatically change the scalar to an array for multi-valued elements (the checkbox group).
If something like this exists (okay, merlyn, which of your columns did I miss? :), please let me know. If it doesn't exist, advice welcome.
I think the benefits of such a script are obvious:
- Faster development time.
- Greater accuracy (never miss another form element!)
- Taint checking automatically very restrictive.
- Pretend to spend 5 hours writing a form-handling routine when you're really playing Quake.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
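A sketch of the generator the post asks for, added here as an example; it is not Ovid's code or code from any reply. It applies the post's rule (whitelist the values found in the form, default to `\w+`) to `<input>` elements only, emits `-wT` in the generated shebang, and drops non-matching values from multi-valued fields. The name `generate_skeleton` is hypothetical and `HTML::TokeParser` must be installed from CPAN.

```perl
use strict;
use warnings;
use HTML::TokeParser;    # CPAN, part of the HTML-Parser distribution
# Constructed sample input: the form from the post, reflowed.
my $html = <<'HTML';
<form action='somescript.pl' method=post enctype='multipart/form-data'>
<input type='hidden' name=somename value="asdf">
<input type=text name=name value=Ovid size="30" maxsize="30">
<input type="checkbox" name="group1" value="1" checked /> box 1 group 1
<input type="checkbox" name="group1" value="2"> box 2 group 1
<input type="password" name="pass"> Password
</form>
HTML
# Hypothetical helper: returns the Perl skeleton for the <input> fields in $html.
sub generate_skeleton {
    my ($html) = @_;
    my $p = HTML::TokeParser->new( \$html ) or die "cannot parse HTML\n";
    my ( @order, %field );
    while ( my $tag = $p->get_tag('input') ) {
        my $attr = $tag->[1];
        my $name = $attr->{name};
        # The name becomes a variable name in generated code: identifiers only.
        next unless defined $name && $name =~ /^[A-Za-z]\w*\z/;
        ( my $type = lc( $attr->{type} // 'text' ) ) =~ s/\W+//g;    # ends up in a comment
        push @order, $name unless $field{$name};
        my $f = $field{$name} ||= { type => $type, count => 0, values => [] };
        $f->{count}++;
        push @{ $f->{values} }, $attr->{value} if defined $attr->{value};
    }
    my @read  = ( '#!/usr/bin/perl -wT', 'use strict;', 'use CGI;',
                  'my $q = CGI->new;', '', '# read in form data' );
    my @clean = ( '', '# untaint the data' );
    for my $name (@order) {
        my ( $f, %seen ) = ( $field{$name} );
        # quotemeta keeps a form value from injecting regex syntax or a "/"
        my $re = join '|', map { quotemeta($_) } grep { !$seen{$_}++ } @{ $f->{values} };
        $re = '\w+' unless length $re;    # default when the form gives no values
        if ( $f->{count} > 1 ) {          # repeated name => array; bad values are dropped
            push @read,  "my \@_$name = \$q->param( '$name' ); # $f->{type}";
            push @clean, "my \@$name = map { /^($re)\$/ ? \$1 : () } \@_$name;";
        }
        else {
            push @read,  "my \$_$name = \$q->param( '$name' ); # $f->{type}";
            push @clean, "my ( \$$name ) = ( \$_$name =~ /^($re)\$/ );";
        }
    }
    return join "\n", @read, @clean, '';
}
print generate_skeleton($html);
```

Because field names and values from the mock-up are written into source code, the generator rejects names that are not plain identifiers and escapes every value before it reaches a pattern.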
Re: Automatic Generation of Form Handling Code
by Cirollo (Friar) on Jun 06, 2001 at 21:43 UTC
by Ovid (Cardinal) on Jun 06, 2001 at 22:04 UTC
by dkubb (Deacon) on Jun 07, 2001 at 12:00 UTC
Re: Automatic Generation of Form Handling Code
by traveler (Parson) on Jun 06, 2001 at 23:12 UTC
Re: Automatic Generation of Form Handling Code
by shotgunefx (Parson) on Jun 07, 2001 at 10:09 UTC