hmmm ... I'll start here ... http://www.perl.com/doc/manual/html/pod/perllocale.html
thanks. On 12/5/06, Daniel McBrearty <[EMAIL PROTECTED]> wrote:
yes, I would know the language being supported. There are a lot of languages though. Does it work with Chinese, or Marathi (Devanagari)? I didn't know that \W did that though. guess I need to look into it. Never seen that in the perldocs - any idea where I can look for the small print? On 12/5/06, Joel Bernstein <[EMAIL PROTECTED]> wrote: > On Tue, Dec 05, 2006 at 01:10:35PM +0100, Daniel McBrearty wrote: > > How does one do this? > > > > If you have a text input field which can be in *any* language, which > > will get stored in the db, how do you protect against script > > injection? > > > > If it's just english, I normally only accept characters from a given > > list (something like /[A-Za-z0-9]/ , plus whitespace and punctuation). > > But if the input can be in any language .... ?? > > Isn't there any way you could require the input to be associated with a > particular language? Perl supports locale definitions which modify, for > example, the set of 'word' characters matched by the \w regular > expression escape. If you could dynamically switch locales to the > correct one for your input text then you could trivially s/\W//g to > sanitize strings. > > If you really have to accept input in any language without knowing > what language it is, then perhaps you should take the opposite approach > and test for the presence of certain characters which you can be sure > would occur in program code but not typically in text. Of course, > English might suffer without the dollar-sign and semicolon, and you may > decide that this is overly restrictive on your users... > > /joel > > _______________________________________________ > List: Catalyst@lists.rawmode.org > Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ > Dev site: http://dev.catalyst.perl.org/ > -- Daniel McBrearty email : danielmcbrearty at gmail.com www.engoi.com : the multi - language vocab trainer BTW : 0873928131
-- Daniel McBrearty email : danielmcbrearty at gmail.com www.engoi.com : the multi - language vocab trainer BTW : 0873928131 _______________________________________________ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/