NAME

Catalyst::Plugin::HTML::Scrubber - Catalyst plugin for scrubbing/sanitizing incoming parameters

SYNOPSIS

 use Catalyst qw[HTML::Scrubber];

 MyApp->config( 
     scrubber => {
         auto => 1,  # automatically run on request
         ignore_params => [ qr/_html$/, 'article_body' ],
         
         # The following are options to HTML::Scrubber
         params => [
             default => 0,
             comment => 0,
             script => 0,
             process => 0,
             allow => [qw [ br hr b a h1]],
         ],
     },
 );

DESCRIPTION

On each request, sanitize HTML tags in all request parameters (with the ability to exempt some via `ignore_params` if needed), to protect against XSS (cross-site scripting) attacks and other unwanted markup.

EXTENDED METHODS

setup

See SYNOPSIS for how to configure the plugin, both with its own configuration (e.g. whether to automatically run, whether to exempt certain fields) and passing on any options from HTML::Scrubber to control exactly what scrubbing happens.

prepare_parameters

Sanitize HTML tags in all parameters (unless `ignore_params` exempts them).
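The following is an added stand-alone example, not code from the plugin itself: it reproduces outside Catalyst what the `prepare_parameters` step does with the SYNOPSIS configuration, so the effect of `ignore_params` and of the HTML::Scrubber options can be seen on constructed input. It assumes, as the SYNOPSIS layout suggests, that the `params` list is handed straight to `HTML::Scrubber->new`; the `is_ignored` and `scrub_params` helpers and the `%request` hash are illustrative inventions for this example.

```perl
#!/usr/bin/env perl
# Added example: mimics the plugin's per-request scrubbing with the
# SYNOPSIS settings. Helpers and sample data are constructed here and
# are not part of Catalyst::Plugin::HTML::Scrubber.
use strict;
use warnings;
use HTML::Scrubber;

# Same values as the SYNOPSIS; 'params' is passed to HTML::Scrubber->new
my %config = (
    ignore_params => [ qr/_html$/, 'article_body' ],
    params        => [
        default => 0,    # drop every tag not listed under 'allow' (text content is kept)
        comment => 0,    # drop HTML comments
        script  => 0,    # drop <script> blocks together with their contents
        process => 0,    # drop processing instructions
        allow   => [qw( br hr b a h1 )],
    ],
);

my $scrubber = HTML::Scrubber->new( @{ $config{params} } );

# Decide whether a parameter name is exempt. Entries may be plain strings
# (exact match) or qr// patterns, mirroring the SYNOPSIS ignore_params list.
sub is_ignored {
    my ( $name, $ignore ) = @_;
    for my $rule (@$ignore) {
        return 1 if ref $rule eq 'Regexp' ? $name =~ $rule : $name eq $rule;
    }
    return 0;
}

# Scrub every value in a parameter hash in place, skipping exempt names.
# Values may be scalars or array refs (multi-valued params), as in Catalyst.
sub scrub_params {
    my ( $params, $config, $scrub ) = @_;
    for my $name ( keys %$params ) {
        next if is_ignored( $name, $config->{ignore_params} );
        my $val = $params->{$name};
        $params->{$name} = ref $val eq 'ARRAY'
            ? [ map { $scrub->scrub($_) } @$val ]
            : $scrub->scrub($val);
    }
    return $params;
}

# Constructed sample request: a mix of hostile and legitimate input
my %request = (
    comment      => '<b>hi</b><script>alert(1)</script><img src=x onerror=alert(1)>',
    signature    => [ 'plain text', '<h1>Title</h1><!-- note -->' ],
    article_body => '<p>kept verbatim: exempted by exact name</p>',
    bio_html     => '<p>kept verbatim: matches qr/_html$/</p>',
);

scrub_params( \%request, \%config, $scrubber );

# Print the result: the <script> block and the <img> tag are gone from
# 'comment' while <b> survives, the comment is stripped from 'signature',
# and the two exempted fields are returned untouched.
for my $name ( sort keys %request ) {
    my $val = $request{$name};
    printf "%-13s %s\n", $name, ref $val ? join( ' | ', @$val ) : $val;
}
```

Run it with `perl scrub_example.pl` once HTML::Scrubber is installed. Exempting fields by name (or by a suffix such as `_html`) is what lets a rich-text editor field through, so anything on the `ignore_params` list must be sanitized or escaped elsewhere before it is rendered.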

SEE ALSO

Catalyst, HTML::Scrubber.

AUTHOR

Hideo Kimura, <hide@hide-k.net>, original author

David Precious (BIGPRESH), <davidp@preshweb.co.uk> maintainer since 2023-07-17

COPYRIGHT AND LICENSE

Copyright (C) 2005 by Hideo Kimura

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.