/ 
libwww-perl-5.21
River stage four • 2384 direct dependents • 8176 total dependents
/ HTML::AsSubs
Security Advisories (4)
CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

NAME

HTML::AsSubs - functions that construct a HTML syntax tree

SYNOPSIS

 use HTML::AsSubs;
 $h = body(
	   h1("This is the heading"),
	   p("This is the first paragraph which contains a ",
	     a({href=>'link.html'}, "link"),
	     " and an ",
	     img({src=>'img.gif', alt=>'image'}),
	     "."
	    ),
	  );
 print $h->as_HTML;

DESCRIPTION

This module exports functions that can be used to construct various HTML elements. The functions are named after the tags of the correponding HTML element and are all written in lower case. If the first argument is a hash then it will be used to initialize the attributes of this element. The remaining arguments are regarded as content.

ACKNOWLEDGEMENT

This module was inspired by the following message:

Date: Tue, 4 Oct 1994 16:11:30 +0100
Subject: Wow! I have a large lightbulb above my head!

Take a moment to consider these lines:

%OVERLOAD=( '""' => sub { join("", @{$_[0]}) } );

sub html { my($type)=shift; bless ["<$type>", @_, "</$type>"]; }

:-)  I *love* Perl 5!  Thankyou Larry and Ilya.

Regards,
Tim Bunce.

p.s. If you didn't get it, think about recursive data types: html(html())
p.p.s. I'll turn this into a much more practical example in a day or two.
p.p.p.s. It's a pity that overloads are not inherited. Is this a bug?

BUGS

The exported link() function overrides the builtin link() function. The exported tr() function must be called using &tr(...) syntax because it clashes with the builtin tr/../../ operator.

SEE ALSO

HTML::Element