I asked this in the chatterbox but somehow things got a bit "confused", so I'm providing a better explanation. Note that this is not a "do my job for me" post. I am planning on writing this (and posting it here), but if it's already written, I'd love to know!
Recently, I've been handed a mock-up of a huge Web-based application. Many of the forms have 40 or more elements in them. What I have been looking for is a script that will read in HTML forms and automatically generate a code skeleton that will:
- Populate scalars or arrays based on the form structure.
- Generate some basic taint-checking routines (perhaps even have it automatically use the Untaint module, but it's not standard).
- Automatically have strict, warnings, and taint checking added to the top of the code to enforce better coding practices.
In short, I'd like something that will take the following HTML form and create a Perl skeleton for it:
<form action='somescript.pl' method=post enctype='multipart/form-data'>
<input type='hidden' name=somename value="asdf">
<input type=text name=name value=Ovid size="30" maxsize="30">
<br />
<br>
<input type="checkbox" name="group1" value="1" checked /> box 1 group 1
<br>
<input type="checkbox" name="group1" value="2"> box 2 group 1
<br>
<input type="password" name="pass"> Password
</form>
The HTML above is deliberately formatted poorly because I'd prefer a robust solution. A code template generated from this would resemble the following:
#!/usr/bin/perl -wT
use strict;
use CGI;
my $q = CGI->new;
# read in form data
my $_somename = $q->param( 'somename' ); # hidden
my $_name = $q->param( 'name' ); # text
my @_group1 = $q->param( 'group1' ); # checkbox
my $_pass = $q->param( 'pass' ); # password
# untaint the data
my ( $somename ) = ( $_somename =~ /^(asdf)$/ );
my ( $name ) = ( $_name =~ /^(Ovid)$/ );
my @group1;
( $group1[$_] ) = ( $_group1[$_] =~ /^(1|2)$/ ) foreach ( 0 .. $#_group1 );
my ( $pass ) = ( $_pass =~ /^(\w+)$/ );
Note that taint checking is based upon the values already present in the form with a default of \w+ if no value attributes are present in the HTML. Also, it would automatically change the scalar to an array for multi-valued elements (the checkbox group).
If something like this exists (okay, merlyn, which of your columns did I miss? :), please let me know. If it doesn't exist, advice welcome.
I think the benefits of such a script are obvious:
- Faster development time.
- Greater accuracy (never miss another form element!)
- Taint checking automatically very restrictive.
- Pretend to spend 5 hours writing a form-handling routine when you're really playing Quake.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
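
A sketch of the generator the post describes, added here as an example (it is not Ovid's code and not an existing module). It assumes HTML::TokeParser from CPAN, reads only <input> elements from a constructed sample form, and, unlike the template in the post, the generated array untaint drops rejected values instead of leaving undef slots.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::TokeParser;    # ships with the HTML::Parser distribution on CPAN

# Constructed sample form, sloppy on purpose (mixed quoting, bare attributes).
my $html = <<'HTML';
<form action='somescript.pl' method=post>
<input type='hidden' name=somename value="asdf">
<input type=text name=name value=Ovid size="30">
<input type="checkbox" name="group1" value="1" checked /> box 1
<input type="checkbox" name="group1" value="2"> box 2
<input type="password" name="pass"> Password
</form>
HTML

# Collect <input> fields in document order.
my ( @order, %field );
my $p = HTML::TokeParser->new( \$html ) or die "cannot parse form\n";
while ( my $tag = $p->get_tag('input') ) {
    my $attr = $tag->[1];
    my $name = $attr->{name};
    next unless defined $name;
    # The name is spliced into generated source, so accept identifiers only.
    unless ( $name =~ /^[A-Za-z]\w*$/ ) { warn "skipping field '$name'\n"; next }
    ( my $type = lc( $attr->{type} || 'text' ) ) =~ s/\W//g;    # ends up in a comment
    push @order, $name unless $field{$name};
    my $f = $field{$name} ||= { type => $type, count => 0, values => [] };
    $f->{count}++;
    push @{ $f->{values} }, $attr->{value} if defined $attr->{value};
}

print "#!/usr/bin/perl -wT\nuse strict;\nuse CGI;\nmy \$q = CGI->new;\n\n# read in form data\n";
for my $n (@order) {
    my $sigil = $field{$n}{count} > 1 ? '@' : '$';    # repeated name => array
    print "my ${sigil}_$n = \$q->param( '$n' ); # $field{$n}{type}\n";
}

print "\n# untaint the data\n";
for my $n (@order) {
    my $f = $field{$n};
    # Alternation of the literal values seen in the form; \w+ when there are none.
    my $alt = @{ $f->{values} } ? join( '|', map { quotemeta $_ } @{ $f->{values} } ) : '\w+';
    my $tmpl = $f->{count} > 1
        ? 'my @%1$s = map { /^(%2$s)$/ ? $1 : () } @_%1$s;'
        : 'my ( $%1$s ) = ( $_%1$s =~ /^(%2$s)$/ );';
    printf "$tmpl\n", $n, $alt;
}
```

The identifier check and `quotemeta` matter because field names and values from the mock-up end up inside generated Perl source and regexes.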