To prevent XSS attacks you should have a 'logged in' hidden input.

What does this thread have to do with XSS attacks? And how do hidden form fields "prevent" them?

Bad practices, even when using perl, can lead to XSS attacks. This is not the place to debate the "Known and widely accepted solutions." to XSS. There are many resources outside of Perl that deal with this topic. Use the perl modules and you've got a chance at safe code, head off in your own direction and you'll regret it.

My post was aimed at getting the Monk to understand that the question was leading the code in a direction it would be best it didn't. There are not many ways to implement a website hardened against XSS and this limits the scope of any questions related to login, sessions, data handling, and form validation to a less than manageable size. In other words if you're doing web development and your code dealing with one of these areas doesn't just work, you need to fall back into line or your users will be hacked.

Again: What does this thread have to do with XSS attacks?

Karl

«The Crux of the Biscuit is the Apostrophe»