John Krystynak wrote:
I've tried a variety of constructs in my tests that I wouldn't
consider safe, such as putting:
  - unclosed tags
  - forms
  - 3rd party img src
and they all went through fine. I can't find anything that actually
gets rejected.
Anyways, this issue plus the error issue makes me think I should just
do all validation manually. But I'm not sure how to do that.
Hi John,
Looking at the [lack of] replies, it seems likely that you're the first
to try the html plugin (and bear in mind that neither I nor Dave Baird
use CGI::Untaint anymore). Also bear in mind that there has only ever
been one release of this module by an author who no longer maintains it.
I don't know who does maintain it - perhaps you fancy it? :) I'd suggest
reading the HTML::Sanitizer docs and seeing if that behaves as you
expect. If not, try to debug whether the fault is in HTML::Sanitizer,
CGI::Untaint::html, the rest of CGI::Untaint, or somewhere in Maypole.
Cheers, Dave
PS Peter, you've got my vote to ditch CGI::Untaint altogether :) I
tried D::FV and got it to work but wasn't too fond of it. I've used
CGI::FormBuilder au nature with some success and I'm currently
experimenting with Dave Baird's Maypole version.
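As an added example that is not part of this thread and not the code of CGI::Untaint::html or HTML::Sanitizer, the following shows the kind of manual allowlist validation John asks about, written in Python (stdlib html.parser) rather than Perl so it runs anywhere. It is checked against exactly the three constructs he lists (unclosed tags, forms, third-party img src) and rejects each of them; the allowed tag set, the permitted host www.example.com and the sample fragments are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist: tags we accept and, per tag, the attributes we accept.
# Anything not listed here (form, input, script, style, on* handlers, ...)
# is rejected, so the list only ever grows deliberately.  (Assumed set.)
ALLOWED_TAGS = {
    "p": set(), "br": set(), "b": set(), "i": set(), "em": set(), "strong": set(),
    "ul": set(), "ol": set(), "li": set(),
    "a": {"href", "title"},
    "img": {"src", "alt"},
}
VOID_TAGS = {"br", "img"}           # elements that never take a closing tag
URL_ATTRS = {"href", "src"}         # attributes whose value is a URL
ALLOWED_SCHEMES = {"http", "https"}


class HTMLValidator(HTMLParser):
    """Walks an untrusted fragment and collects findings; [] means accepted."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []
        self.stack = []             # currently open non-void tags

    def _check_url(self, tag, attr, value):
        u = urlparse(value.strip())
        if not u.scheme and not u.netloc:
            return                  # relative path: served from our own origin
        if u.scheme and u.scheme.lower() not in ALLOWED_SCHEMES:
            self.findings.append(f"<{tag} {attr}>: disallowed scheme {u.scheme!r}")
            return
        host = (u.hostname or "").lower()   # also catches //host/path forms
        if host not in self.allowed_hosts:
            self.findings.append(f"<{tag} {attr}>: third-party host {host!r}")

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"<{tag}>: tag not in allowlist")
            return
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:
                self.findings.append(f"<{tag} {name}>: attribute not in allowlist")
            elif name in URL_ATTRS:
                self._check_url(tag, name, value or "")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or tag not in ALLOWED_TAGS:
            return                  # </br> is harmless; disallowed tags were reported on open
        if self.stack and self.stack[-1] == tag:
            self.stack.pop()
        else:
            self.findings.append(f"</{tag}>: closes a tag that is not open")


def validate_html(fragment, allowed_hosts=("www.example.com",)):
    """Strict validation of an untrusted HTML fragment.

    Returns a list of findings; an empty list means the fragment is accepted.
    Strict means every non-void tag must be explicitly closed, so HTML's
    implied-close rules (e.g. <p> after <p>) are deliberately not applied.
    """
    v = HTMLValidator(allowed_hosts)
    v.feed(fragment)
    v.close()
    for tag in reversed(v.stack):
        v.findings.append(f"<{tag}>: never closed")
    return v.findings


if __name__ == "__main__":
    # Constructed samples: the three constructs from the question plus one clean fragment.
    for sample in ("<p>Hello <b>world</b></p>",
                   "<p>unclosed",
                   '<form action="/x"><input name="q"></form>',
                   '<img src="http://evil.example/t.gif" alt="">'):
        print(repr(sample), "->", validate_html(sample) or "accepted")
```

The point of the harness is that the decision is a returned list, not a boolean hidden inside a sanitizer: the caller can log the findings, reject the submission outright, or compare them against what a library such as HTML::Sanitizer produces when debugging which layer let a construct through.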
_______________________________________________
Maypole-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/maypole-users