line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
6
|
|
|
6
|
|
445
|
use 5.006; |
|
6
|
|
|
|
|
14
|
|
2
|
6
|
|
|
6
|
|
20
|
use strict; |
|
6
|
|
|
|
|
11
|
|
|
6
|
|
|
|
|
104
|
|
3
|
6
|
|
|
6
|
|
22
|
use warnings; |
|
6
|
|
|
|
|
19
|
|
|
6
|
|
|
|
|
206
|
|
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
=head1 NAME |
6
|
|
|
|
|
|
|
|
7
|
|
|
|
|
|
|
EJS::Template::Util - Utility for EJS::Template |
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
=cut |
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
package EJS::Template::Util; |
12
|
6
|
|
|
6
|
|
19
|
use base 'Exporter'; |
|
6
|
|
|
|
|
7
|
|
|
6
|
|
|
|
|
492
|
|
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
our @EXPORT_OK = qw(clean_text_ref); |
15
|
|
|
|
|
|
|
|
16
|
6
|
|
|
6
|
|
3077
|
use Encode; |
|
6
|
|
|
|
|
41540
|
|
|
6
|
|
|
|
|
356
|
|
17
|
6
|
|
|
6
|
|
33
|
use Scalar::Util qw(tainted); |
|
6
|
|
|
|
|
7
|
|
|
6
|
|
|
|
|
874
|
|
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
=head1 Methods |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
=head2 clean_text_ref |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
Usage: |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
my $original_ref = \'some text'; |
26
|
|
|
|
|
|
|
my $modified_ref = clean_text_ref($original_ref, |
27
|
|
|
|
|
|
|
$encode_utf8, $sanitize_utf8, $force_untaint); |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
# where the last three arguments are boolean values |
30
|
|
|
|
|
|
|
# to indicate whether each conversion is required. |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
Depending on JavaScript engines, the text value passed from Perl to JavaScript |
33
|
|
|
|
|
|
|
needs to be cleaned up, especially related to the UTF8 flag and the taint mode. |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
It takes a reference to the text as the first argument, and returns a reference |
36
|
|
|
|
|
|
|
to the modified text, of if no conversion is necessary, the original reference |
37
|
|
|
|
|
|
|
is returned. |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
=over 4 |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
=item * $encode_utf8 |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
Indicates the text needs to be a utf8-encoded string, where the utf8 flag |
44
|
|
|
|
|
|
|
has to be turned off. |
45
|
|
|
|
|
|
|
|
46
|
|
|
|
|
|
|
=item * $sanitize_utf8 |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
Indicates the text cannot contain any invalid utf8 characters. The conversion |
49
|
|
|
|
|
|
|
is done by applying C and then C. |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
=item * $force_untaint |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
Indicates tainted strings cannot be passed to the JavaScript engine. This flag |
54
|
|
|
|
|
|
|
effectively disables the taint flag, trusting the JavaScript code to be safe. |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
=back |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
=cut |
59
|
|
|
|
|
|
|
|
60
|
|
|
|
|
|
|
sub clean_text_ref { |
61
|
479
|
|
|
479
|
1
|
433
|
my ($value_ref, $encode_utf8, $sanitize_utf8, $force_untaint) = @_; |
62
|
|
|
|
|
|
|
|
63
|
479
|
100
|
33
|
|
|
1936
|
if (Encode::is_utf8($$value_ref)) { |
|
|
50
|
|
|
|
|
|
64
|
26
|
50
|
|
|
|
61
|
if ($encode_utf8) { |
65
|
|
|
|
|
|
|
# UTF8 flag must be turned off. (Otherwise, segmentation fault occurs) |
66
|
0
|
|
|
|
|
0
|
$value_ref = \Encode::encode_utf8($$value_ref); |
67
|
|
|
|
|
|
|
} |
68
|
|
|
|
|
|
|
} elsif ($sanitize_utf8 && $$value_ref =~ /[\x80-\xFF]/) { |
69
|
|
|
|
|
|
|
# All characters must be valid UTF8. (Otherwise, segmentation fault occurs) |
70
|
0
|
|
|
|
|
0
|
$value_ref = \Encode::encode_utf8(Encode::decode_utf8($$value_ref)); |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
479
|
50
|
33
|
|
|
848
|
if ($force_untaint && tainted($$value_ref)) { |
74
|
0
|
|
|
|
|
0
|
$$value_ref =~ /(.*)/s; |
75
|
0
|
|
|
|
|
0
|
$value_ref = \qq($1); |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
479
|
|
|
|
|
764
|
return $value_ref; |
79
|
|
|
|
|
|
|
} |
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
=head1 SEE ALSO |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
=over 4 |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
=item * L |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
=back |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
=cut |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
1; |