comment on

I asked this in the chatterbox but somehow things got a bit "confused", so I'm providing a better explanation. Note that this is not a "do my job for me" post. I am planning on writing this (and posting it here), but if it's already written, I'd love to know!

Recently, I've been handed a mock-up of a huge Web-based application. Many of the forms have 40 or more elements in them. What I have been looking for is a script that will read in HTML forms and automatically generate a code skeleton that will:

Populate scalars or arrays based on the form structure.
Generate some basic taint-checking routines (perhaps even have it automatically use the Untaint module, but it's not standard).
Automatically have strict, warnings, and taint checking added to the top of the code to enforce better coding practices.

In short, I'd like something that will take the following HTML form and create a Perl skeleton for it:

<form action='somescript.pl' method=post enctype='multipart/form-data'
+>
    <input type='hidden' name=somename value="asdf">
    <input type=text name=name value=Ovid size="30" maxsize="30">
    <br />
    <br>
    <input type="checkbox" name="group1" value="1" checked /> box 1 gr
+oup 1
    <br>
    <input type="checkbox" name="group1" value="2"> box 2 group 1
    <br>
    <input type="password" name="pass"> Password
</form>
[download]

The HTML above is deliberately formatted poorly because I'd prefer a robust solution. A code template generated from this would resemble the following:

#!/usr/bin/perl -w
use strict;
use CGI;
my $q = CGI->new;

# read in form data
my $_somename = $q->param( 'somename' ); # hidden
my $_name = $q->param( 'name' ); # text
my @_group1 = $q->param( 'group1' ); # checkbox
my $_pass = $q->param( 'pass' ); # password

# untaint the data
my ( $somename ) = ( $_somename =~ /^(asdf)$/ );
my ( $name ) = ( $_name =~ /^(Ovid)$/ );
my @group1;
( $group1[$_] ) = ( $_group1[$_] =~ /^(1|2)$/ ) foreach ( 0 .. $#_grou
+p1 );
my ( $pass ) = ( $_pass =~ /^(\w+)$/ );
[download]

Note that taint checking is based upon the values already present in the form with a default of \w+ if no value attributes are present in the HTML. Also, it would automatically change the scalar to an array for multi-valued elements (the checkbox group).

If something like this exists (okay, merlyn, which of your columns did I miss? :), please let me know. If it doesn't exist, advice welcome.

I think the benefits of such a script are obvious:

Faster development time.
Greater accuracy (never miss another form element!)
Taint checking automatically very restrictive.
Pretend to spend 5 hours writing a form-handling routine when you're really playing Quake.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

In reply to Automatic Generation of Form Handling Code by Ovid

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.