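# NOTE(review): this listing was collapsed onto one line, so everything after
# the first "####" separator was read as a comment. The snippets are restored
# one statement per line below; "####" lines still separate independent
# snippets, which are not meant to be run as a single program.

# --- Snippet 1: decoding input ---------------------------------------------
# Undo the URL escaping first (that yields raw bytes), then decode those bytes
# as UTF-8 so $string holds characters. Validation belongs on this decoded
# form, not on the still-escaped input.
# Without a CHECK argument, decode() substitutes malformed sequences instead
# of dying.
use Encode qw(decode);
use URI::Escape qw(uri_unescape);
my $string = decode 'utf-8' => uri_unescape $input;

####

# --- Snippet 2: encoding output --------------------------------------------
# Entity-encode the data on its way into HTML so markup characters in it
# are not interpreted by the browser.
# NOTE(review): as written, encode_entities() receives the UTF-8 *bytes*, so
# with its default character set each high-bit byte becomes its own entity.
# Confirm this is intended; otherwise entity-encode the character string
# before calling encode().
use Encode qw(encode);
use HTML::Entities qw(encode_entities);
my $output = encode_entities encode 'utf-8' => $string;

####

#!/usr/bin/perl -w
# this is page.cgi
# --- Snippet 3: the VULNERABLE example -------------------------------------
# Kept as the page shows it, to illustrate the flaw. Do not deploy.
use strict;
use CGI::Simple;
use File::Slurp qw(read_file);

my $cgi  = CGI::Simple->new;
my $page = $cgi->param('page');    # attacker-controlled, already URL-decoded

# Disallow pages from other folders.
# This is a deny-list of one character: it says nothing about NUL bytes or
# any other unexpected character, and an absent parameter (undef) passes too.
die if $page =~ m[/];

print "Content-Type: text/html\n\n";

# The ".html" suffix is assumed to constrain which file is read. A Perl
# string may contain "\0", but the C-level file API ends the name at the
# first NUL, so the suffix can be cut off (see the request below).
print read_file "$page.html";

####

# --- Snippet 4: the request the page uses to demonstrate the flaw ----------
# %00 decodes to a NUL byte, so the name handed to the OS ends at "page.cgi"
# and the script's own source is served instead of an .html page.
# Newer perls refuse pathnames containing NUL, but input validation should
# not depend on the interpreter version.
#
#   http://example.com/page.cgi?page=page.cgi%00blah!

####

# --- Snippet 5: stripping control characters -------------------------------
# Deletes \x00-\x09, \x0b, \x0c and \x0e-\x1f. Only LF (\x0a) and CR (\x0d)
# survive among the C0 controls; TAB (\x09) is removed, DEL (\x7f) is not.
# Apply this to the decoded string, i.e. after snippet 1.
$string =~ tr/\x00-\x09\x0b\x0c\x0e-\x1f//d;

####

#!/usr/bin/perl -wT
# --- Snippet 6: the fixed page.cgi -----------------------------------------
# -T turns on taint mode, so the CGI parameter is tainted until it has passed
# through a regex capture.
# ... (the page elides the unchanged setup from snippet 3 here) ...

# Allow-list instead of deny-list: the whole value must be one or more word
# characters, anchored with ^ and \z so nothing (including a trailing
# newline) can follow. '/', '.', and NUL can never match \w. The capture both
# validates and untaints; a failed match yields an empty list, the list
# assignment evaluates to 0, and the script dies before any output.
# NOTE(review): add the /a modifier if only ASCII page names are expected.
my ($page) = $cgi->param('page') =~ /^(\w+)\z/ or die;

print "Content-Type: text/html\n\n";
print read_file "$page.html";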