Yes, you are forgetting all the closing tags.
Another option would be to just eval the code as passed to a test HT object.
If it breaks HT you can catch it from the eval.
HTH,
Alex
On Thu, 27 Mar 2008 04:43:41 -0600, Justin Simoni wrote
> Here's one for everyone:
>
> I'm receiving data from $Untrusted_Source, that may have malicious
> code, in the form of H::T tags that I'd like to simply sanitize by
> munging it enough that it won't parse when run through H::T, but
> won't *break* H::T as well.
>
> Can anyone think of a simple-ish regex to do this? Something like:
>
> my $untrusted = <STDIN>; # (or, wherever)
> $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
> $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
>
> That may be all there is to it - am I missing some menacing edge case?
>
> --
>
> Justin Simoni
>
> http://justinsimoni.com :: Art Portfolio
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> Html-template-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/html-template-users
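Both points from this thread combined in one script, as an added example that is not code from either poster or from HTML::Template itself. It swaps the BREAK insertion for encoding the tag's "<" as "&lt;", covers closing and comment-style tags, and uses the eval check as a test. The tag forms matched are an assumption based on the documented H::T syntax, the function names are hypothetical, and the sample inputs are constructed.

```perl
use strict;
use warnings;
use HTML::Template;

# The two substitutions from the original post, wrapped for comparison.
sub munge_original {
    my ($text) = @_;
    $text =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
    $text =~ s{<tmpl_}{<BREAK tmpl_}gi;
    return $text;
}

# Encode the "<" of anything that could start an H::T tag: plain or
# comment style, opening or closing, any case, any spacing after "<!--".
sub defang_tmpl_tags {
    my ($text) = @_;
    $text =~ s{<(?=(?:!--\s*)?/?tmpl_)}{&lt;}gi;
    return $text;
}

# Parse with a throwaway H::T object inside eval. "inert" means: no die,
# and the output is identical to the input (nothing was interpreted).
sub survives_ht {
    my ($text) = @_;
    my $out = eval {
        HTML::Template->new(
            scalarref   => \$text,
            no_includes => 1,    # the test object never reads other files
        )->output;
    };
    return defined $out && $out eq $text ? 'inert' : 'NOT inert';
}

# Constructed sample inputs.
my @samples = (
    '<TMPL_VAR NAME=user>',
    '<!-- tmpl_if name=admin -->x<!-- /tmpl_if -->',
    '</TMPL_LOOP>',
    '<!--tmpl_include name="other.tmpl"-->',
);

for my $s (@samples) {
    printf "%-48s original: %-9s defanged: %s\n",
        $s, survives_ht(munge_original($s)), survives_ht(defang_tmpl_tags($s));
}
```

Running survives_ht() on the sanitized text before it reaches the real template turns any tag form the regex missed into a caught failure instead of a parsed tag.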