Definitely belongs under String. But I don't like Escape in the name, how about String::Cage?
On 6/26/07, Mark P Sullivan <[EMAIL PROTECTED]> wrote:
I have written a (proof of concept of a) module which I think should be shared through CPAN. Since I'm giving a lightning talk on it tomorrow at YAPC::NA, now seems like an ideal time to actually share it.

Descriptive short blurb: The String::EscapeCage module puts dangerous strings in a cage. It eases escaping to various encodings, helps developers track what data are dangerous, and prevents injection attacks.

Descriptive moderately-sized blurb: After the "cage" function cages a string, the "uncage" method releases it and "escapehtml", "escapecstring", etc methods safely escape (transform) it. If an application cages all user-supplied strings, then a run-time exception will prevent application code from accidentally allowing an SQL, shell, cross-site scripting, cat -v, etc injection attack. EscapeCage's paranoia can be adjusted for development. The concept is similar to "tainted" data, but is implemented by "overload"ing the '""' stringify method on blessed scalar references.

I think the most appropriate name is "String::EscapeCage". Any suggestions? "String::" is more appropriate than "Text::", right? Once I have the blessing of the elders, I'll upload it to PAUSE.

(My first module for CPAN, my first YAPC, and my first lightning talk; please be gentle.)

--mark
-- Help bring back the San Jose Earthquakes - http://www.soccersiliconvalley.com/
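
The mechanism described in the quoted announcement (a blessed scalar reference whose '""' stringify overload throws), as an added Perl sketch that is not part of the thread and not the String::EscapeCage source. The package name Local::Cage and all method bodies are hypothetical; only the names cage, uncage and escapehtml come from the announcement.

```perl
#!/usr/bin/perl
# Added sketch of the caging idea; Local::Cage and its method bodies are
# hypothetical and are not the String::EscapeCage source.
package Local::Cage;
use strict;
use warnings;
use Carp qw(croak);

# Stringifying a caged value is the accident we want to catch, so the
# '""' overload throws instead of returning the raw string. Concatenation
# and interpolation fall back to '""' and therefore throw as well.
use overload '""' => sub { croak 'caged string used without escaping' };

# cage(): hide the raw string behind a blessed scalar reference.
sub cage {
    my ($raw) = @_;
    return bless \$raw, __PACKAGE__;
}

# uncage(): deliberate, greppable release of the raw value.
sub uncage { my ($self) = @_; return $$self }

# escapehtml(): release the value encoded for an HTML context.
sub escapehtml {
    my ($self) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    (my $out = $$self) =~ s/([&<>"'])/$ent{$1}/g;
    return $out;
}

package main;

# Constructed sample input standing in for a user-supplied form field.
my $name = Local::Cage::cage(q{<script>alert(1)</script>});

# Accidental interpolation raises a run-time exception instead of
# emitting the raw markup.
my $page = eval { "<p>Hello, $name</p>" };
print "blocked: $@" unless defined $page;

# Explicit escaping for the output context succeeds.
print '<p>Hello, ', $name->escapehtml, "</p>\n";
```

Because every release goes through a named method, a code review can search for uncage calls to find the places where raw user input leaves the cage.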