use strict;
use warnings;

# strip any non-safe URL characters
# Note: This is not Data validation!  Other
#       code must verify/edit expected results
sub SafeURL {
    my @args = @_;
    local $_;
    foreach (@args) {
        s/[^\w\d.\@-]//gi if defined;
    }
    return wantarray ? @args : pop @args;
}

# Note: escape html covered by CGI escapeHTML()

# escape any non-safe javascript characters
sub EscapeJavaScript {
    my @args = @_;
    local $_;
    foreach (@args) {
        s/([^\w\d.\@-])/uc sprintf("%%%02x",ord($1))/egi
             if defined;
    }
    return wantarray ? @args : pop @args;
}

#####################
# test subs
my @array = qw(
    blah@&blah.blah/<test>
    lalalalal12340as-rqweousn
    //hokey/pokey
);

foreach (@array) {
    my $result1 = SafeURL($_);
    my $result2 = EscapeJavaScript($_);
    print "string: $_\n  SafeURL: $result1\n  EscapeJavaScript: $result2\n";
}
print "SafeURL array test: " . join(', ', SafeURL(@array)) . "\n";
print "EscapeJavaScript array test: " . join(', ', EscapeJavaScript(@array)) . "\n";