1

Is there a good library in CPAN for filtering out a textfield for all the bad things, like XSS?

Jeremy Wall
  • 23,907
  • 5
  • 55
  • 73
Timmy
  • 12,468
  • 20
  • 77
  • 107
  • Might be a duplicate of [Filtering JavaScript out of HTML](http://stackoverflow.com/questions/858773/filtering-javascript-out-of-html). – sleske Jun 16 '09 at 12:57

2 Answers

6

Your first step should always be to search and browse through the results. It looks like there are lots of potential hits. When I'm looking for something new, I browse through search results and check the docs of modules to see how clear they are and how well built the API is. I also look for reviews (some have, some don't - it's often random) and check bugs. It gives me a sense of what I'm dealing with.

If your question is "Which of these various options is best?", then I'm afraid I don't know in this case. (My initial answer may have been too general.)

Two good places to start a search of CPAN:

Telemachus
  • 19,459
  • 7
  • 57
  • 79
0

At the base level you want `HTML::Entities`, but which escape you choose depends on where in the DOM you're using the values. It won't help at all to HTML entity encode a user input if you stick it inside a `<script>` tag, for example.

It's pretty likely that you're using some kind of template to generate the HTML, so it should have a method to escape the content: HTML::Mason has `<% $thing |h %>`, Template::Toolkit has `[% thing | html %]`... but if you're just doing it in your own code you'll need to call `encode_entities` yourself.

Nyanstep
  • 11
  • 3
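
The answer above says the right escape depends on where the value ends up. The following is an added example, not code from either answer: `HTML::Entities`, `URI::Escape` and `JSON::PP` are real modules, while the helper names, the page fragment and the sample input are constructed for illustration.

```perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities);
use URI::Escape    qw(uri_escape_utf8);
use JSON::PP       ();

# Constructed sample input, standing in for an untrusted text field.
my $input = q{</script><script>alert("x")</script> & 'more'};

# HTML element content and quoted attribute values.
sub for_html {
    my ($text) = @_;
    return encode_entities($text, q{<>&"'});
}

# A single query-string parameter inside a URL.
sub for_url_param {
    my ($text) = @_;
    return uri_escape_utf8($text);
}

# A JavaScript string literal inside a <script> block. JSON quoting handles
# quotes and backslashes; <, > and & are additionally written as \uXXXX so
# the HTML parser never sees "</script>" in the data.
sub for_script {
    my ($text) = @_;
    my $js = JSON::PP->new->ascii->allow_nonref->encode($text);
    $js =~ s/([<>&])/sprintf('\\u%04x', ord $1)/ge;
    return $js;
}

# Hypothetical page fragment: the same value escaped once per context.
print '<p>', for_html($input), "</p>\n";
print '<input name="q" value="', for_html($input), qq{">\n};
print '<a href="/search?q=', for_url_param($input), qq{">again</a>\n};
print '<script>var q = ', for_script($input), ";</script>\n";

# What the answer warns about: entity encoding inside <script> is the wrong
# escape. The browser does not decode entities there, so the script sees
# literal "&lt;" text, and backslashes or newlines, which are significant in
# JavaScript, pass through unchanged.
print '<script>var bad = "', encode_entities($input), qq{";</script>\n};
```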