G'day...

> Comments from others would be appreciated. Michael, what's
> your thinking behind using CGI::Untaint?

OK... My thoughts are this - <flamesuit on :)>checking out the module before casting judgement on it is a good thing(tm)</flamesuit off> :)

The module leaves validation up to the end user/programmer... It is simply a module of convenience. It does not blindly untaint all data; you must request each form element to be untainted as you go.

I view the CGI::Untaint module as simply a tool in the process of validating data, and using it in a taint-safe fashion. (For example, I'll use CGI::Untaint to grab an email address, and ensure it is valid with Email::Valid.)

CGI::Untaint does have its limitations; it cannot handle multiple selections made in a select box, for example.

I also feel that writing a module that would validate (and if necessary untaint) data from a form would be either near impossible /or/ require well-defined usage rules and user configuration. After all, validation is dependent on the context of the data being gathered. (And again, a number of modules already exist for this purpose.)

I've found CGI::Untaint a useful tool, not a perfect one-size-fits-all one.

All the best...

Regards,

Michael S. E. Kraus
Software Developer
Wild Technology Pty Ltd
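
The workflow described in the message above (request one field at a time, then validate it in context), as an added example that is not part of the original post. It assumes CGI::Untaint and Email::Valid are installed from CPAN and the script is run with `perl -T`; the field names and values are constructed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);
use CGI::Untaint;
use Email::Valid;

# Constructed form data. Appending a zero-length slice of a tainted
# value ($^X is tainted under -T) marks each sample string as tainted,
# the way real CGI parameters would be.
my $taint  = substr($^X, 0, 0);
my %params = (
    email   => 'alice@example.org' . $taint,
    bad     => 'not an address'    . $taint,
    comment => 'never requested'   . $taint,
);

my $handler = CGI::Untaint->new(%params);

for my $field (qw(email bad)) {
    # Each field is requested explicitly; nothing is untainted in bulk.
    my $value = $handler->extract(-as_printable => $field);
    if (!defined $value) {
        print "$field: extract failed: ", $handler->error, "\n";
        next;
    }

    # -as_printable only checks the character set and untaints.
    # Whether the value is acceptable as an email address is a
    # separate, context-specific check, done here with Email::Valid.
    my $status = defined Email::Valid->address($value)
        ? 'valid address'
        : 'untainted but NOT a valid address';
    printf "%-7s tainted=%d  %s\n",
        $field, (tainted($value) ? 1 : 0), $status;
}

# A field that was never requested is still tainted in the raw input.
printf "%-7s tainted=%d  (raw input, never extracted)\n",
    'comment', (tainted($params{comment}) ? 1 : 0);
```

The `bad` field is the case to watch: it passes the untaint step yet fails validation, so an untainted value must not be treated as a validated one.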