Hello Monks. I am just starting to learn the language of Perl. I came to your monastery in order to seek an answer to a question to which I haven't satisfactorily found an answer yet. I am currently finishing a form. I am at that point wherein I am learning how to sanitize the user's input. The code goes like this:

#!/usr/bin/perl
use strict;
use warnings;
use diagnostics;
use CGI;

my $query = CGI->new;
my $input = $query->param('team_name');
$input =~ s/[^a-zA-Z0-9\s!]/_/g;
$input =~ s/!/!/g;   # Escaping ! for HTML
$input =~ s/!/\!/g;  # Escaping ! for Perl

My goal is to escape the occurrences of exclamation symbols (!) that will be supplied by the user so that they are not interpreted as part of the HTML and Perl code. Some of you may probably recommend using a module such as HTML::Entities and the like. However, at this point, I just want to gain an understanding of how escaping works for HTML and Perl. If I use the above code, would it be safe to do so? I guess my real questions are: is it possible to escape the same special character for both Perl and HTML at the same time? Would escaping ! for Perl cancel out the earlier escaping of ! for HTML, or vice versa? I'd very much appreciate your help on this topic. Thank you.


In reply to Escaping special characters by tiny_monk
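The following is an added illustration, not code from tiny_monk's post. It shows what output escaping for HTML actually has to cover (the characters & < > " and ', not !), that a literal ! held in a scalar is plain data to Perl and needs no escaping unless the string is later handed to eval or a shell, and that the two substitutions in the post are no-ops. The sample inputs are constructed; escape_html is a hand-written stand-in for what HTML::Entities::encode_entities would do.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs standing in for $query->param('team_name').
my @samples = (
    'Go Team!',
    '<script>alert(1)</script>',
    'Fish & "Chips" <b>!!</b>',
);

# Escape the five characters that are special in HTML text and attribute
# context. Hypothetical helper: HTML::Entities does the same job for real code.
sub escape_html {
    my ($text) = @_;
    my %entity = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

for my $raw (@samples) {
    my $safe = escape_html($raw);
    print "raw : $raw\n";
    print "html: $safe\n";
    # '!' is ordinary text in HTML, so it survives unchanged. It is also just
    # data to Perl: nothing here evals $raw, so no "Perl escaping" applies.
    print "'!' count before/after: ", ($raw =~ tr/!//), " / ", ($safe =~ tr/!//), "\n\n";
}

# The substitutions from the post do nothing: '\!' in a replacement is just
# '!', so the string comes back byte-for-byte identical.
my $demo = 'Hi!';
(my $copy = $demo) =~ s/!/\!/g;
print "s/!/\\!/g changed the string? ", ($copy eq $demo ? 'no' : 'yes'), "\n";
```

The point this makes: escaping belongs at the moment a value is written into a particular context (HTML here), using that context's rules; the Perl side never re-parses user data as code, so there is no second escaping step to cancel the first.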