[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl-WebCGI] Filters

To: macperl-webcgi@macperl.org
Subject: Re: [MacPerl-WebCGI] Filters
From: tedd<tedd@sperling.com>
Date: Mon, 18 Dec 2000 16:05:39 -0500
Cc: robinmcf@altern.org
Delivered-To: irons-bumppo:net-mpweb@bumppo.net
In-Reply-To: <v04011700b663dee6383a@[211.19.79.81]>
References: <p05010400b66124f76d84@[10.1.254.126]><p05010400b66124f76d84@[10.1.254.126]><v04011700b663dee6383a@[211.19.79.81]>

>As to the existence of ready written code, maybe the poster should explain
>what input he wants to filter -
>is it to check for  nasty stuff like "query?key=value¥n¥nperl -e unlink *.*;"
>is it to check if data is valid (ie emails, right data type whatever)
>
>Robin

Robin et al:

As the original poster, I simply want to filter what the user inputs 
into my cgi script that creates an html document which publishes what 
the user wrote. It's a "Current News" posting cgi sort of a thing.

I am reluctant to post the URL considering that it is a security 
issue at the moment.

The cgi script takes data from several edit fields, namely 
"Password", "Title of News Story", "Lead Paragraph", and "Body of 
Story" and then creates several html documents to be viewed by others 
depending upon what they want to view -- parts of all of the stories, 
or all of one story.

My concern is that the user may enter:

1. Too much text and overfill the edit fields. When this is done, it 
creates problems.

2. Control characters which can fool my cgi script into thinking that 
more news stories have been added than what's actually been entered.

3. Things beyond my understanding or expectation at this moment 
(which assumes a lot).

So, as I originally posted (to which I received some excellent 
answers) -- I want: 1) To filter the text to remove anything that 
could be malicious (basically keeping a-z,A-Z,0-9, and standard 
punctuation '.;:-' with quote marks; 2) And, to keep the length of 
the input to a certain limit of characters.

Considering what I have learned thus far, I do not want to write a 
java solution. I think it best to keep the solution on the server 
side for a couple of reasons that out weigh speed (namely., security 
and easier to program).

Many thanks for any insight that any may add.

tedd
-- 
http://sperling.com/
_______________________________________________________
Thinking about buying Jewelry?
Try our site: http://earthstones.com

==== Want to unsubscribe from this list?
==== Send mail with body "unsubscribe" to macperl-webcgi-request@macperl.org

Follow-Ups:
- [MacPerl-WebCGI] Re: Filters
  - From: Leland Beaudrot <leland@arpsynod.org>
- Re: [MacPerl-WebCGI] Filters
  - From: robinmcf@altern.org

References:
- [MacPerl-WebCGI] Filters
  - From: tedd<tedd@sperling.com>
- Re: [MacPerl-WebCGI] Filters
  - From: robinmcf@altern.org

Prev by Date: [MacPerl-WebCGI] Re: CGI.pm versus the long way...
Next by Date: [MacPerl-WebCGI] Cut/paste problem
Prev by thread: Re: [MacPerl-WebCGI] Filters
Next by thread: Re: [MacPerl-WebCGI] Filters
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net