in reply to a "search engine" (ahem)

Use taint mode, see perlsec.

Use the 3-arg form of open (see also perlopentut).

Don't interpolate $query into the HTML without HTML-escaping it first; that's a cross-site scripting vulnerability.

Re^2: a "search engine" (ahem)
by hnd (Scribe) on Jul 09, 2009 at 20:17 UTC
    Thanks moritz, but how do I HTML-escape $query? And yeah, the 3-arg form is more readable than this one.

    =====================================================
    i'am worst at what do best and for this gift i fell blessed...
    i found it hard it's hard to find well whatever
    NEVERMIND

      Use escapeHTML from CGI. Or a template system that has the option to escape interpolated variables.
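
The three pieces of advice in this thread combined in one small CGI script, as an added example that is not code from the thread. The data file path and the form parameter name `query` are assumptions, since the original script is not shown here.

```perl
#!/usr/bin/perl -T
# -T turns on taint mode: CGI parameters and environment values are marked
# tainted and perl refuses to use them in commands or file writes until
# they have been validated (see perlsec).
use strict;
use warnings;
use CGI qw(escapeHTML);

# Hypothetical data file, one searchable record per line (assumed path).
my $DATA_FILE = '/var/www/data/pages.txt';

# Taint mode requires a known-safe environment before any subprocess runs.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $cgi   = CGI->new;
my $query = $cgi->param('query');    # assumed parameter name
$query = '' unless defined $query;

# 3-arg open: the mode is its own argument, so characters such as
# '<', '>' or '|' in a file name can never change what open does.
open(my $fh, '<', $DATA_FILE) or die "Cannot open $DATA_FILE: $!";

print $cgi->header(-type => 'text/html', -charset => 'UTF-8');

# Escape at the point of output. The raw $query is never interpolated
# into HTML, only its escaped copy.
my $shown = escapeHTML($query);
print "<h1>Results for: $shown</h1>\n<ul>\n";

if (length $query) {
    my $needle = lc $query;
    while (my $line = <$fh>) {
        chomp $line;
        # index() does a literal substring match, so the user's input
        # is not compiled as a regular expression.
        next unless index(lc $line, $needle) >= 0;
        # Stored data is escaped too; it may contain markup characters.
        print '<li>', escapeHTML($line), "</li>\n";
    }
}
print "</ul>\n";
close $fh;
```

When testing from a shell rather than through the web server, run it as `perl -T script.pl`, because perl rejects a `-T` that appears only on the `#!` line.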