File Coverage

blib/lib/EJS/Template/Util.pm
Criterion Covered Total %
statement 23 26 88.4
branch 5 8 62.5
condition 2 6 33.3
subroutine 7 7 100.0
pod 1 1 100.0
total 38 48 79.1


line stmt bran cond sub pod time code
1 6     6   457 use 5.006;
  6         17  
2 6     6   19 use strict;
  6         7  
  6         109  
3 6     6   22 use warnings;
  6         13  
  6         201  
4              
5             =head1 NAME
6              
7             EJS::Template::Util - Utility for EJS::Template
8              
9             =cut
10              
11             package EJS::Template::Util;
12 6     6   19 use base 'Exporter';
  6         7  
  6         406  
13              
14             our @EXPORT_OK = qw(clean_text_ref);
15              
16 6     6   2810 use Encode;
  6         39891  
  6         375  
17 6     6   31 use Scalar::Util qw(tainted);
  6         8  
  6         877  
18              
19             =head1 Methods
20              
21             =head2 clean_text_ref
22              
23             Usage:
24              
25             my $original_ref = \'some text';
26             my $modified_ref = clean_text_ref($original_ref,
27             $encode_utf8, $sanitize_utf8, $force_untaint);
28            
29             # where the last three arguments are boolean values
30             # to indicate whether each conversion is required.
31              
32             Depending on JavaScript engines, the text value passed from Perl to JavaScript
33             needs to be cleaned up, especially related to the UTF8 flag and the taint mode.
34              
35             It takes a reference to the text as the first argument, and returns a reference
36             to the modified text, or if no conversion is necessary, the original reference
37             is returned.
38              
39             =over 4
40              
41             =item * $encode_utf8
42              
43             Indicates the text needs to be a utf8-encoded string, where the utf8 flag
44             has to be turned off.
45              
46             =item * $sanitize_utf8
47              
48             Indicates the text cannot contain any invalid utf8 characters. The conversion
49             is done by applying C<decode_utf8> and then C<encode_utf8>.
50              
51             =item * $force_untaint
52              
53             Indicates tainted strings cannot be passed to the JavaScript engine. This flag
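54             effectively disables the taint flag, trusting the JavaScript code to be safe. No validation is performed on the text itself: the whole string is accepted as-is, so the caller remains responsible for what it contains.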
55              
56             =back
57              
58             =cut
59              
# Prepare a text value for hand-off to a JavaScript engine.
#
# Arguments:
#   $value_ref     - reference to the text to clean
#   $encode_utf8   - true: text carrying Perl's UTF8 flag is encoded to octets
#   $sanitize_utf8 - true: unflagged text containing bytes 0x80-0xFF is passed
#                    through decode_utf8 and then encode_utf8
#   $force_untaint - true: a tainted value is replaced by an untainted copy
#
# Returns a reference to the converted text, or the original reference when
# no conversion was applied.
sub clean_text_ref {
    my ($value_ref, $encode_utf8, $sanitize_utf8, $force_untaint) = @_;

    my $has_utf8_flag = Encode::is_utf8($$value_ref);

    if ($has_utf8_flag && $encode_utf8) {
        # Original author's note: the UTF8 flag must be turned off, otherwise
        # a segmentation fault occurs.
        my $octets = Encode::encode_utf8($$value_ref);
        $value_ref = \$octets;
    } elsif (!$has_utf8_flag && $sanitize_utf8 && $$value_ref =~ /[\x80-\xFF]/) {
        # Original author's note: all characters must be valid UTF8, otherwise
        # a segmentation fault occurs. The decode/encode round trip is what
        # normalises the byte sequence.
        my $characters = Encode::decode_utf8($$value_ref);
        my $octets     = Encode::encode_utf8($characters);
        $value_ref = \$octets;
    }

    if ($force_untaint && tainted($$value_ref)) {
        # SECURITY: this is a blanket untaint. /(.*)/s matches every possible
        # string, so the capture clears the taint flag without validating
        # anything. The content is exactly as untrusted as before; only Perl's
        # taint tracking stops following it from this point on.
        $$value_ref =~ /(.*)/s;
        my $laundered = "$1";
        $value_ref = \$laundered;
    }

    return $value_ref;
}
80              
81             =head1 SEE ALSO
82              
83             =over 4
84              
85             =item * L
86              
87             =back
88              
89             =cut
90              
91             1;