line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package String::Clean::XSS; |
2
|
|
|
|
|
|
|
BEGIN { |
3
|
1
|
|
|
1
|
|
52032
|
$String::Clean::XSS::VERSION = '0.031'; |
4
|
|
|
|
|
|
|
} |
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
#use base qw{Exporter String::Class}; |
7
|
1
|
|
|
1
|
|
15
|
use Exporter qw{import}; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
64
|
|
8
|
|
|
|
|
|
|
our @EXPORT = qw{clean_XSS convert_XSS}; |
9
|
|
|
|
|
|
|
|
10
|
1
|
|
|
1
|
|
6
|
use strict; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
57
|
|
11
|
1
|
|
|
1
|
|
6
|
use warnings; |
|
1
|
|
|
|
|
5
|
|
|
1
|
|
|
|
|
48
|
|
12
|
1
|
|
|
1
|
|
1056
|
use String::Clean; |
|
1
|
|
|
|
|
5
|
|
|
1
|
|
|
|
|
38
|
|
13
|
1
|
|
|
1
|
|
21
|
use Carp::Assert::More; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
473
|
|
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
=head1 NAME |
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
String::Clean::XSS - Clean up for Cross Site Scripting (XSS) |
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
=head1 SYNOPSIS |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
Clean strings to protect from XSS attacks. |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
=head2 EXAMPLES |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
use String::Clean::XSS; |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
my $stuff_from_user = ''; |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
my $safe_login = convert_XSS($stuff_from_user); |
30
|
|
|
|
|
|
|
# results in '<script>bad stuff</script>' |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
my $cleaned_login = clean_XSS($stuff_from_user); |
33
|
|
|
|
|
|
|
$ results in 'scriptbad stuff/script' |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
=head1 FUNCTIONS |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
=head2 clean_XSS |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
clean_XSS( $string ); |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
Removes angle brackets from the given string. |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
=cut |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
|
46
|
|
|
|
|
|
|
sub clean_XSS { |
47
|
2
|
|
|
2
|
1
|
5
|
my ( $string ) = @_; |
48
|
2
|
|
|
|
|
7
|
assert_defined($string); |
49
|
2
|
|
|
|
|
7
|
my $yaml = q{ |
50
|
|
|
|
|
|
|
--- |
51
|
|
|
|
|
|
|
- '<' |
52
|
|
|
|
|
|
|
- '>' |
53
|
|
|
|
|
|
|
}; |
54
|
2
|
|
|
|
|
13
|
return String::Clean->new()->clean_by_yaml( $yaml, $string ); |
55
|
|
|
|
|
|
|
} |
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
=head2 convert_XSS |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
convert_XSS( $string ); |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
Converts angle brackets to there HTML entities. |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
=cut |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
sub convert_XSS { |
66
|
1
|
|
|
1
|
1
|
10
|
my ( $string ) = @_; |
67
|
1
|
|
|
|
|
7
|
assert_defined($string); |
68
|
1
|
|
|
|
|
4
|
my $yaml = q{ |
69
|
|
|
|
|
|
|
--- |
70
|
|
|
|
|
|
|
'<' : '<' |
71
|
|
|
|
|
|
|
'>' : '>' |
72
|
|
|
|
|
|
|
}; |
73
|
1
|
|
|
|
|
15
|
return String::Clean->new()->clean_by_yaml( $yaml, $string ); |
74
|
|
|
|
|
|
|
} |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
=head1 AUTHOR |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
ben hengst, C<< >> |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
=head1 BUGS |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
Please report any bugs or feature requests to C, or through |
83
|
|
|
|
|
|
|
the web interface at L. I will be notified, and then you'll |
84
|
|
|
|
|
|
|
automatically be notified of progress on your bug as I make changes. |
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
=head1 SUPPORT |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
You can find documentation for this module with the perldoc command. |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
perldoc String::Clean |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
You can also look for information at: |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
=over 4 |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
=item * RT: CPAN's request tracker |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
L |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
=item * AnnoCPAN: Annotated CPAN documentation |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
L |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
=item * CPAN Ratings |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
L |
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
=item * Search CPAN |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
L |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
=back |
114
|
|
|
|
|
|
|
|
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
=head1 ACKNOWLEDGEMENTS |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
=head1 COPYRIGHT & LICENSE |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
Copyright 2007 ben hengst, all rights reserved. |
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify it |
124
|
|
|
|
|
|
|
under the same terms as Perl itself. |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
=cut |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
1; # End of String::Clean::XSS |