To reinforce what has been said by Corion and marto: never, ever trust input from the client. Validation done on the client side is only to optimize the input loop by reducing the number of round trips needed to the server.

Assume that you client can (and will if you are really paranoid) put anything on the wire that they wish. I have had to fight the attitude that 'we are not dealing with smart hackers here' when doing code audits (previous life), and was constantly amazed at the lack of concern shown toward basic application security.

--MidLifeXis

In reply to Re^3: Sending a mail with Perl, nah.. the same and same question... by MidLifeXis
in thread Sending a mail with Perl, nah.. the same and same question... by heatblazer

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.