Confession: I asked a similar question back in July, but I have just read Ovid's (ovid) "homily" on CGI and Perl, and besides being racked with guilt (for not writing scripts with -T, but I'm changing all that), I'd like to get more clarity.

(I have been running client-side validation via an external .js file, but I read somewhere that's a bad idea. Comments?)

I do not know the mind or methods of the "cracker," but I want to know if there is any character(s) that I should absolutely not let through because of the havoc they can potentially wreak.

My applications are HTML forms that are parsed, and the data is either sent in an e-mail or inserted into a MySQL db for later display via HTML::Template.

I would like to allow my users to write using normal punctuation (I've gotten complaints that I was too restrictive by not allowing !:?, etc.). So, can I allow any character and not cause a security problem?

BTW, do these very nodes get checked for bad stuff, and if so, what won't the superior monks let through?

Thanks in advance for further clarifying this concept that I'm having a hard time getting my head around.
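As an added illustration (not part of bradcathey's post or any reply in the thread), the usual answer to "which characters?" is to untaint once with a permissive pattern that only shuts out control characters, and then encode for each destination the post names: HTML escaping before HTML::Template, DBI placeholders for MySQL, and no line breaks in anything that becomes an e-mail header. The `$dbh` handle, table and column names, and the sample values are assumptions made up for this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Untaint free text once: letters, digits, whitespace and any printable
# punctuation pass; control characters other than tab/newline are rejected.
# The capture group is what clears the taint flag under -T.
sub untaint_text {
    my ($raw, $max) = @_;
    $max ||= 2000;
    return undef unless defined $raw && length($raw) <= $max;
    return undef unless $raw =~ /\A([[:print:]\n\t]*)\z/;
    return $1;
}

# Values that end up in an e-mail header (Subject:, From:) get a stricter
# rule: printable only, so a line break can never start a new header.
sub untaint_header_value {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A([[:print:]]{1,200})\z/;
    return $1;
}

# HTML context: escape on output, not on input. Equivalent to using
# <TMPL_VAR NAME=body ESCAPE=HTML> in the HTML::Template file.
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# SQL context: placeholders let MySQL store any character without the
# value ever being parsed as SQL. $dbh is an assumed, already connected
# DBI handle; the table and column names are made up for the example.
sub insert_comment {
    my ($dbh, $name, $body) = @_;
    my $sth = $dbh->prepare('INSERT INTO comments (name, body) VALUES (?, ?)');
    $sth->execute($name, $body);
}

# Constructed sample values: ordinary punctuation is accepted, while a
# stray carriage return in a header value is refused.
my $body = untaint_text("Really? Yes! Note: 1 < 2 & 3 > 2.");
print html_escape($body), "\n";
my $hdr = untaint_header_value("Hello\rworld");
print defined($hdr) ? "accepted\n" : "rejected\n";
```

Run it as `perl -T script.pl` (or via the shebang); without -T the regexes still validate but nothing is tracked as tainted.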


In reply to Back to acceptable untainted characters by bradcathey
