File Coverage

blib/lib/EJS/Template/Util.pm
Criterion Covered Total %
statement 22 26 84.6
branch 5 8 62.5
condition 2 6 33.3
subroutine 7 7 100.0
pod 1 1 100.0
total 37 48 77.0


line stmt bran cond sub pod time code
1 6     6   445 use 5.006;
  6         14  
2 6     6   20 use strict;
  6         11  
  6         104  
3 6     6   22 use warnings;
  6         19  
  6         206  
4              
5             =head1 NAME
6              
7             EJS::Template::Util - Utility for EJS::Template
8              
9             =cut
10              
11             package EJS::Template::Util;
12 6     6   19 use base 'Exporter';
  6         7  
  6         492  
13              
14             our @EXPORT_OK = qw(clean_text_ref);
15              
16 6     6   3077 use Encode;
  6         41540  
  6         356  
17 6     6   33 use Scalar::Util qw(tainted);
  6         7  
  6         874  
18              
19             =head1 Methods
20              
21             =head2 clean_text_ref
22              
23             Usage:
24              
25             my $original_ref = \'some text';
26             my $modified_ref = clean_text_ref($original_ref,
27             $encode_utf8, $sanitize_utf8, $force_untaint);
28            
29             # where the last three arguments are boolean values
30             # to indicate whether each conversion is required.
31              
32             Depending on JavaScript engines, the text value passed from Perl to JavaScript
33             needs to be cleaned up, especially related to the UTF8 flag and the taint mode.
34              
35             It takes a reference to the text as the first argument, and returns a reference
36             to the modified text, of if no conversion is necessary, the original reference
37             is returned.
38              
39             =over 4
40              
41             =item * $encode_utf8
42              
43             Indicates the text needs to be a utf8-encoded string, where the utf8 flag
44             has to be turned off.
45              
46             =item * $sanitize_utf8
47              
48             Indicates the text cannot contain any invalid utf8 characters. The conversion
49             is done by applying C and then C.
50              
51             =item * $force_untaint
52              
53             Indicates tainted strings cannot be passed to the JavaScript engine. This flag
54             effectively disables the taint flag, trusting the JavaScript code to be safe.
55              
56             =back
57              
58             =cut
59              
60             sub clean_text_ref {
61 479     479 1 433 my ($value_ref, $encode_utf8, $sanitize_utf8, $force_untaint) = @_;
62            
63 479 100 33     1936 if (Encode::is_utf8($$value_ref)) {
    50          
64 26 50       61 if ($encode_utf8) {
65             # UTF8 flag must be turned off. (Otherwise, segmentation fault occurs)
66 0         0 $value_ref = \Encode::encode_utf8($$value_ref);
67             }
68             } elsif ($sanitize_utf8 && $$value_ref =~ /[\x80-\xFF]/) {
69             # All characters must be valid UTF8. (Otherwise, segmentation fault occurs)
70 0         0 $value_ref = \Encode::encode_utf8(Encode::decode_utf8($$value_ref));
71             }
72            
73 479 50 33     848 if ($force_untaint && tainted($$value_ref)) {
74 0         0 $$value_ref =~ /(.*)/s;
75 0         0 $value_ref = \qq($1);
76             }
77            
78 479         764 return $value_ref;
79             }
80              
81             =head1 SEE ALSO
82              
83             =over 4
84              
85             =item * L
86              
87             =back
88              
89             =cut
90              
91             1;