use Encode qw(decode);
use URI::Escape qw(uri_unescape);
my $string = decode 'utf-8' => uri_unescape $input;
####
use Encode qw(encode);
use HTML::Entities qw(encode_entities);
my $output = encode_entities encode 'utf-8' => $string;
##
##
#!/usr/bin/perl -w
# this is page.cgi
use strict;
use CGI::Simple;
use File::Slurp qw(read_file);
my $cgi = CGI::Simple->new;
my $page = $cgi->param('page');
die if $page =~ m[/]; # Disallow pages from other folders
print "Content-Type: text/html\n\n";
print read_file "$page.html";
##
##
http://example.com/page.cgi?page=page.cgi%00blah!
##
##
$string =~ tr/\x00-\x09\x0b\x0c\x0e-\x1f//d;
##
##
#!/usr/bin/perl -wT
...
my ($page) = $cgi->param('page') =~ /^(\w+)\z/ or die;
print "Content-Type: text/html\n\n";
print read_file "$page.html";