Hi,
I just read more about how to prevent XSS attacks and it seems like CGI.pm sanitizes most of the incoming form input. Is this not enough? Should I still look into HTML::Strip?
Thanks.
If I am understanding you correctly, the text file is being used to create a form that will only be seen by the person who uploaded the file. If that's the case, then XSS is not a concern since its method of harm is by showing the JavaScript to others. So I guess in this specific case it isn't a threat. I don't know what you're doing to process the form itself, but you may need to handle things on that end (e.g. use placeholders if you are inserting the form input into a database).
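Added example, not from this thread or from CGI.pm's own documentation: a stand-alone Perl script showing that CGI.pm's param() hands back the submitted value unchanged, that escapeHTML is something you apply at output time, and how a DBI placeholder carries the same value into a database as data rather than as SQL. It assumes DBD::SQLite is installed (the in-memory database is only there so the script runs offline), and the form value is a constructed one.

```perl
#!/usr/bin/perl
# Added example (not from the thread): CGI.pm does not sanitise param() values;
# HTML-escaping is done on output, and DBI placeholders keep the value out of
# the SQL string. The request below is constructed so this runs with no server.
use strict;
use warnings;
use CGI;
use DBI;

# Simulate a submitted GET form field via the CGI environment.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'label=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

my $q     = CGI->new;
my $label = $q->param('label');          # raw, exactly as the user typed it

# 1. Nothing was stripped or encoded on the way in.
print "raw:     $label\n";               # <script>alert(1)</script>

# 2. Escape for the HTML context at the point of output.
my $safe = $q->escapeHTML($label);
print "escaped: $safe\n";                # &lt;script&gt;alert(1)&lt;/script&gt;

# 3. Store the raw value using a placeholder (assumption: DBD::SQLite present).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE fields (id INTEGER PRIMARY KEY, label TEXT)');
my $sth = $dbh->prepare('INSERT INTO fields (label) VALUES (?)');
$sth->execute($label);                   # bound as data, never interpolated

# 4. Reading it back gives the original text; escape again before rendering.
my ($stored) = $dbh->selectrow_array('SELECT label FROM fields WHERE id = 1');
print "stored:  $stored\n";
print "render:  <label>", $q->escapeHTML($stored), "</label>\n";
```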