If you want to be sure not to break a template this might be embedded into, you'll
need to take care of the </TMPL...> tags in the untrusted input as well.

--Mike MacKenzie

--- Justin Simoni <[EMAIL PROTECTED]> wrote:

> Here's one for everyone:
> 
> I'm receiving data from $Untrusted_Source, that may have malicious  
> code, in the form of H::T tags that I'd like to simply sanitize by  
> munging it enough that it won't parse when run through H::T, but won't  
> *break* H::T as well.
> 
> Can anyone think of a simple-ish regex to do this? Something like:
> 
>       my $untrusted = <STDIN>; # (or, wherever)
>          $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
>          $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
> 
> That may be all there is to it - am I missing some menacing edge case?
> 
> -- 
> 
> Justin Simoni
> 
> http://justinsimoni.com :: Art Portfolio
> 
> _______________________________________________
> Html-template-users mailing list
> Html-template-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/html-template-users
> 
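A broader version of the substitution discussed in this thread, as an added example that is not part of either poster's message or of HTML::Template itself. It covers opening and closing tags in both the plain and the comment-style form, and it entity-encodes the leading `<` instead of inserting a BREAK marker. The helper name `neutralize_tmpl` and the sample strings are hypothetical, and the tag shape described in the first comment is an assumption about what the parser accepts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: a template tag starts with "<", then an optional "!--" with
# any amount of whitespace (including none), then an optional "/", then
# "tmpl_" in any letter case. The pattern is deliberately a little wider
# than that (it also allows whitespace after the slash), because
# over-matching is harmless in a sanitizer and under-matching is not.
# The lookahead means only the "<" itself is consumed and replaced.
my $TAG_START = qr{<(?=(?:!--\s*)?/?\s*tmpl_)}i;

# Hypothetical helper: make every template tag start inert by turning its
# "<" into "&lt;". The rest of the text, including ordinary HTML, is left
# untouched, and no new "<" is introduced, so one pass is enough.
sub neutralize_tmpl {
    my ($text) = @_;
    return $text unless defined $text;
    $text =~ s/$TAG_START/&lt;/g;
    return $text;
}

# Constructed sample input: one case per form mentioned in the thread,
# plus comment-style tags with no space and with a closing slash.
my @samples = (
    '<TMPL_VAR NAME=secret>',
    '</tmpl_if>',
    '<!-- TMPL_LOOP rows -->',
    '<!--tmpl_include name="x.tmpl"-->',
    '<!-- /TMPL_LOOP -->',
    '<b>plain markup is left alone</b>',
);

for my $in (@samples) {
    my $out = neutralize_tmpl($in);
    printf "%-36s => %s\n", $in, $out;
    # Fail loudly if anything that still looks like a tag start survived.
    die "tag start survived: $out\n" if $out =~ $TAG_START;
}
```

The two substitutions quoted above match only the opening forms with exactly one space after `<!--`; the single pattern here also covers `</tmpl_...>`, `<!-- /tmpl_... -->` and `<!--tmpl_...`.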



      