I just installed CGI::Untaint::html, and I added a html => [col1 col2 col3].

    __PACKAGE__->untaint_columns(
        html    => [qw(address1 address2 city company country fax first last
                       phone state postal_code)],
        integer => [qw(user)]
    );

When I run this, I get no errors. However, maybe it doesn't do what I think. I'm trying to prevent cross-scripting attacks by not allowing html in input fields, but I could put "<form><input="text"></form>" into the text input and have no complaints from untaint is_valid check.

Is there an example somewhere that does this? Or perhaps I have to write code with a subroutine that calls $handler->extract( $col )??

Thanks,
johnk

PS. What is the way to override the error message from the is_valid check, so the users don't see:

    state () does not pass the is_valid() check

On 9/9/05, David Baird <[EMAIL PROTECTED]> wrote:
> On 9/9/05, John Krystynak <[EMAIL PROTECTED]> wrote:
> > In my Maypole app, I want my form inputs to not allow html.
> >
> > I'm trying to do something like:
> >
> > BeerDB::Beer->untaint_columns(
> >     html    => [qw/abv name price notes/],
> >     integer => [qw/style brewery score/],
> >     date    => [ qw/date/],
> > );
> >
> > but I can't get the html handler to be recognized. The form prints:
> > "Can't find extraction handler for html"
> >
> > What's the right way to use the Untaint plugin for additional fields
> > like html, phone, IPaddr, etc?
>
> That looks like it should work. Have you installed CGI::Untaint::html?
>
> d.
_______________________________________________
Maypole-users mailing list
https://lists.sourceforge.net/lists/listinfo/maypole-users
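One way to reject markup in a field outright, as the message above asks, is a custom CGI::Untaint handler; this is an added example, not code from the thread or from Maypole. The handler name `nohtml`, the friendly message text and the sample form values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handler: "-as_nohtml" resolves to CGI::Untaint::nohtml.
package CGI::Untaint::nohtml;
use base 'CGI::Untaint::object';

# The whole value must contain no angle brackets; $1 becomes the clean value.
sub _untaint_re { qr/\A([^<>]*)\z/ }

# The handler lives in this file, so mark it as loaded for CGI::Untaint's
# handler lookup (normally it would sit in CGI/Untaint/nohtml.pm on @INC).
BEGIN { $INC{'CGI/Untaint/nohtml.pm'} = __FILE__ }

package main;
use CGI::Untaint;

# Constructed sample input standing in for submitted form parameters.
my %form = (
    city  => 'San Francisco',
    state => '<form><input="text"></form>',
);

my $h = CGI::Untaint->new(\%form);

for my $field (sort keys %form) {
    my $clean = $h->extract(-as_nohtml => $field);
    if (defined $clean) {
        print "$field: accepted\n";
    }
    else {
        # $h->error holds the module's own wording; log it and show the
        # user an application-chosen message instead.
        warn 'untaint failure: ' . $h->error . "\n";
        print "$field: Please remove '<' and '>' from this field.\n";
    }
}

# Assumption: with the handler installed as a module, a Maypole model could
# list columns under the same name:
#   __PACKAGE__->untaint_columns( nohtml => [qw(city state)] );
```

Rejecting angle brackets at input does not replace HTML-escaping these values where the templates render them.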
