HTML::CGIChecker is a Perl module to detect dangerous HTML code.
SYNOPSIS
use strict;
use HTML::CGIChecker;

my $feedback = '
<TABLE CELLPADDING="2"><TR><TD>One column</TD></TR></TABLE><BR>
" Arrays & variables "
Dough > Hi, how are you ?
And now some Perl code:
<PRE>
print "<HTML><BODY></BODY></HTML>";
</PRE>
';

# create the $checker object
my $checker = new HTML::CGIChecker (
    mode         => 'allow',
    allowclasses => [ qw( tables images ) ],
    allowtags    => [ qw( B I A U STRONG BR HR ) ],
    jscript      => 0,
    html         => 0,
    pre          => 1,
    debug        => 0,
    err_tag      => 'Tag {tag} is not allowed in {element}.'
);

# Now you can use it to check any string using its checkHTML()
# method. It "remembers" its configuration, so you can reuse it.
my ($checked_feedback, $Warnings) = $checker->checkHTML($feedback);

# Process the results ...
if ($checked_feedback) {
    # save $checked_feedback to the database ....
}
else {
    # print the warnings, one per line ...
    print join("\n", @{$Warnings}), "\n";
}
The example above produces no warning messages and returns $feedback checked and properly HTML escaped. The only HTML "error" - the unescaped ">" bracket on the fourth line - is autocorrected. One warning message was overridden by a customized version (the err_tag parameter). Any warnings that were produced would not be HTML formatted or HTML safe, because the 'html' parameter is not true.
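To make the allow-mode behaviour described above concrete (a tag allow list, tag classes, rejection of JavaScript, literal PRE content and escaping of stray brackets), here is an added example in Python; it is not part of HTML::CGIChecker and does not reproduce its code. The membership of the tag classes, the JavaScript heuristic and the reading of {element} as the offending tag text are assumptions made for this example.

```python
import html
import re
from functools import partial

# Tag classes named by the page's allowclasses parameter; membership is constructed
# for this example, not taken from the module.
TAG_CLASSES = {"tables": {"TABLE", "TR", "TD", "TH"}, "images": {"IMG"}}
ALLOWTAGS = ("B", "I", "A", "U", "STRONG", "BR", "HR")      # the page's allowtags
TAG_RE = re.compile(r"<\s*(/?)\s*([A-Za-z][A-Za-z0-9]*)([^<>]*)>")
JS_RE = re.compile(r"\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)  # assumed heuristic


def check_html(text, allowtags=ALLOWTAGS, allowclasses=(), jscript=False, pre=True,
               err_tag="Tag {tag} is not allowed in {element}."):
    """Allow-mode check: keep listed tags, escape every other tag and any stray '<', '>'
    or '&', treat PRE content as literal text, and return (checked_text, warnings)."""
    esc = partial(html.escape, quote=False)
    allowed = {t.upper() for t in allowtags}
    for cls in allowclasses:
        allowed |= TAG_CLASSES[cls]
    if pre:
        allowed.add("PRE")
    out, warnings, pos, in_pre = [], [], 0, False
    for m in TAG_RE.finditer(text):
        out.append(esc(text[pos:m.start()]))   # text between tags: a bare '>' becomes &gt;
        pos = m.end()
        closing, name, attrs = m.group(1) == "/", m.group(2).upper(), m.group(3)
        if in_pre and not (closing and name == "PRE"):
            out.append(esc(m.group(0)))        # markup inside PRE is shown, not interpreted
            continue
        if name not in allowed:
            warnings.append(err_tag.format(tag=name, element=m.group(0)))
            out.append(esc(m.group(0)))
            continue
        if not jscript and JS_RE.search(attrs):
            warnings.append("JavaScript is not allowed in " + m.group(0))
            out.append(esc(m.group(0)))
            continue
        if name == "PRE":
            in_pre = not closing
        out.append(m.group(0))                 # allowed tag passes through unchanged
    out.append(esc(text[pos:]))
    return "".join(out), warnings


# Constructed sample: the page's $feedback string (no warnings expected)
FEEDBACK = ('<TABLE CELLPADDING="2"><TR><TD>One column</TD></TR></TABLE><BR>\n'
            '" Arrays & variables "\nDough > Hi, how are you ?\n'
            '<PRE>\nprint "<HTML><BODY></BODY></HTML>";\n</PRE>\n')
# Constructed sample: an event-handler attribute and a tag outside the allow list
BAD = '<B onmouseover="x()">hi</B><SCRIPT>x()</SCRIPT>'
```

Running check_html(FEEDBACK, ALLOWTAGS, ("tables", "images")) returns an empty warning list and the escaped text, while check_html(BAD) returns three warnings and leaves only the closing </B> as live markup.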
Requirements:
· Perl