Hi.

Please forgive me if this is an easy one.  It's late and I haven't found any 
mention of it.

I'd like to encode form fields so that only the standard bold, italic, 
underline, list, etc. are allowed and script, style, etc. tags are encoded. 
 Also, I'd like to only let the base tags through and no attributes so setting 
an onmouseover in a paragraph is encoded.  Basically I'm trying to avoid XSS 
and other nastiness.

Is there a module that does this to all parameters at once?  Do I simply need 
to do it to each parameter I accept?  For now I've been adding the html filter 
in my Template Toolkit templates, but that's a pain and relies on each output 
field filtering.  I'd like to encode before storing the data in the database so 
it's safe no matter how it's presented.

Any help is appreciated.

Thanks,

bill
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
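The whitelist-and-encode policy the question describes (bare formatting and list tags pass through, every attribute is dropped, every other tag is entity-encoded), as an added example that is not from the thread. It is written with Python's standard-library HTMLParser rather than Perl so it runs stand-alone; the allowed tag set is an assumption taken from the post, and the same policy is what a CPAN whitelisting scrubber such as HTML::Scrubber is meant to express.

```python
from html import escape
from html.parser import HTMLParser

# Tag set assumed from the question: basic formatting and lists, attributes never kept.
ALLOWED_TAGS = {"b", "i", "u", "strong", "em", "p", "br", "ul", "ol", "li"}
VOID_TAGS = {"br"}  # allowed tags that take no closing tag


class WhitelistEncoder(HTMLParser):
    """Allowed tags pass through bare; other tags and all text are entity-encoded.
    HTMLParser's default no-op handlers drop comments, doctypes and <?...?>."""

    def __init__(self):
        # convert_charrefs=True turns &lt; etc. back into text, which handle_data
        # re-escapes, so pre-encoded markup cannot be smuggled past the filter.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []  # allowed tags still waiting for their closing tag

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attrs such as onmouseover are discarded
            if tag not in VOID_TAGS:
                self.open.append(tag)
        else:  # <script>, <style>, <a href=...>: shown as harmless literal text
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag in self.open:  # pop back to it, closing anything left open inside
            while self.open:
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break
        elif tag not in VOID_TAGS:  # disallowed or stray closing tag; </br> is dropped
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

    def result(self):
        self.close()  # flush text the parser is still buffering
        self.out.extend(f"</{t}>" for t in reversed(self.open))  # balance the output
        return "".join(self.out)


def sanitize(field):
    """Filter one submitted form field before it is stored in the database."""
    p = WhitelistEncoder()
    p.feed(field)
    return p.result()
```

Because the stored value then contains only bare whitelisted tags and escaped text, it can be rendered later without relying on a per-field output filter.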
