|
|
|
| Problems? Is your data what you think it is? | |
| PerlMonks |
untainting unicode text using \wby danmcb (Monk) |
| on Aug 24, 2007 at 20:44 UTC ( [id://634960]=perlquestion: print w/replies, xml ) | Need Help?? |
|
danmcb has asked for the wisdom of the Perl Monks concerning the following question: I searched for something like this, but I don't see any previous questions on the subject. This is not so much a question, as a request for the input of monks who may have already been here. My problem is - how to launder CGI parameters as being "printable" when they are not limited to ASCII, or even ISO-8559-1. They could be in Mandarin, or Hindi, say. Now, I'm reading the regex docs, and \w looks like the answer, or part of it. To quote from perlrecharclass.pod : "If it's in UTF-8 format, \w matches those characters that are considered word characters in the Unicode database. That is, it not only matches ASCII letters, but also Thai letters, Greek letters, etc." So I guess my untaint regex, to allow a user to send a note by email in any language but not do evil things, should be something like:
That is - any "word" character, any whitespace, full stops and commas. Does that seem safe? Let's say that this string will get piped to sendmail. And more to the point, is this perhaps an Untaint module that should be on CPAN but isn't? This must be a common requirement these days.
Back to
Seekers of Perl Wisdom
|
|
||||||||||||||||||||||||||||