On Tue, 22 Jan 2002 09:25:15 -0800 Paul Lindner <[EMAIL PROTECTED]> wrote:
> As part of the CPANification of the code in the mod_perl Developer's > cookbook, I present Apache::TaintRequest, a module that helps prevent > cross-site scripting attacks by automatically html-escaping 'tainted' > text sent to a web browser.. Get it at > http://www.modperlcookbook.org/code.html Techniques I use depends on HTML::Template's <TMPL_VAR escape="HTML"> stuff. But your idea to detect output from Untainted data for protection against CSS, is very neat. Nice. -- Tatsuhiko Miyagawa <[EMAIL PROTECTED]>
