Re: Re: Re: CGI::param wrapper for untainting
by merlyn (Sage) on Mar 28, 2001 at 00:00 UTC
    I have over 20k lines of code currently using param(), so I don't really want to go through it all and use the module Untaint individually each time.
    Then don't bother turning on tainting if you're not using it. That's like painting a big lock on your door saying "I'm safe now".

    Really. I'd reject your code in a heartbeat at a code review if I saw you were using global untainting without regard to the valid content of the fields. Bleh!

    -- Randal L. Schwartz, Perl hacker

Re: Re: Re: CGI::param wrapper for untainting
by ambrus (Abbot) on Mar 10, 2004 at 21:29 UTC

    /(.*)/ does not accept anything: it only matches up to before the first newline.
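The two points made in this thread, side by side, as an added example that is not code from any poster: a blanket `/(.*)/` untaint silently cuts a value at the first newline and checks nothing else, while a per-field rule accepts a value only when all of it is valid for that field. The field names, rules and sample values are assumptions constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical field names and rules, constructed for this example.
# \A ... \z anchor the entire value; a trailing "$" would still allow a final "\n".
my %rule = (
    username => qr/\A([A-Za-z0-9_]{1,32})\z/,
    page     => qr/\A([0-9]{1,6})\z/,
);

# Blanket wrapper: captures whatever precedes the first newline.
# Under -T the capture counts as untainted even though nothing was checked.
sub untaint_blanket {
    my ($value) = @_;
    return $value =~ /(.*)/ ? $1 : undef;
}

# Per-field wrapper: returns the captured value only when the whole
# value matches that field's rule, otherwise undef.
sub untaint_field {
    my ($name, $value) = @_;
    my $re = $rule{$name} or die "no rule for field '$name'\n";
    return undef unless defined $value;
    return $value =~ $re ? $1 : undef;
}

# Constructed sample submissions: [field, raw value].
my @samples = (
    [ username => "alice" ],
    [ username => "alice\nsecond line" ],
    [ page     => "12" ],
    [ page     => "12 and more" ],
);

for my $s (@samples) {
    my ($name, $raw) = @$s;
    my $blanket = untaint_blanket($raw);
    my $checked = untaint_field($name, $raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible in output
    printf "%-8s raw=%-22s blanket=%-14s per-field=%s\n",
        $name, "'$shown'", "'$blanket'",
        defined $checked ? "'$checked'" : 'rejected';
}
```

The script runs with or without `-T`; under taint mode the values returned by both wrappers are untainted, which is why only the per-field one tells you anything about their content.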