Re^2: Input Validation for Template Toolkit

in reply to Re: Input Validation for Template Toolkit
in thread Input Validation and pattern matching in Template Toolkit

Hello Corion! Thanks for your response. "attack" can contain values such as xxx@domain.com. In this case, every input is escaped or encoded but i need to encode only attacking ones like login=<script>...</script> etc. Thats why, i wanted to match the input with keywords and display the template accordingly.

Comment on Re^2: Input Validation for Template Toolkit

Replies are listed 'Best First'.
Re^3: Input Validation for Template Toolkit by Corion (Patriarch) on Jun 20, 2018 at 10:32 UTC
Sure, but then somebody could submit `login=<img src="http://evil.example.com/attack.js">`, and you would have to catch that too. And certainly, there are other attacks. I would recommend to escape all data that is user-supplied.	[reply] [d/l]

In Section Seekers of Perl Wisdom