Security Advisories (4)
CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file through the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which makes it possible to execute arbitrary commands.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.
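
The CPANSA-libwww-perl-2001-01 case above, as an added example (not code from libwww-perl): a CGI server exposes each request header as an HTTP_* environment variable, so a client's "Proxy:" header arrives as HTTP_PROXY. The helper names naive_proxy and cgi_safe_proxy and the CGI_HTTP_PROXY variable are assumptions of this sketch, and the environments are constructed.

```perl
use strict;
use warnings;
use 5.010;

# Case-insensitive lookup, the behaviour the advisory describes:
# HTTP_PROXY matches just as well as http_proxy.
sub naive_proxy {
    my ($env) = @_;
    for my $k (sort keys %$env) {
        return $env->{$k} if lc($k) eq 'http_proxy';
    }
    return;
}

# Hardened lookup. Under CGI (REQUEST_METHOD is set) every HTTP_* variable
# is built from a request header, so none of them is trusted. The operator
# sets CGI_HTTP_PROXY instead (variable name assumed for this example).
sub cgi_safe_proxy {
    my ($env) = @_;
    my $in_cgi = defined $env->{REQUEST_METHOD};
    for my $k (sort keys %$env) {
        my $name = $k;
        if ($in_cgi) {
            next if $name =~ /^HTTP_/;
            $name = 'http_proxy' if $name eq 'CGI_HTTP_PROXY';
        }
        return $env->{$k} if lc($name) eq 'http_proxy';
    }
    return;
}

# Constructed environments, not captured from a real server.
my %cgi = (
    REQUEST_METHOD => 'GET',
    HTTP_HOST      => 'app.example',
    HTTP_PROXY     => 'http://client-chosen.example:8080', # from "Proxy:" header
);
my %cgi_op = (%cgi, CGI_HTTP_PROXY => 'http://proxy.internal.example:3128');
my %shell  = (HTTP_PROXY => 'http://proxy.internal.example:3128');

for my $case (['CGI, Proxy: header only', \%cgi],
              ['CGI, operator proxy set', \%cgi_op],
              ['command line',            \%shell]) {
    my ($label, $env) = @$case;
    printf "%-24s naive=%s safe=%s\n", $label,
        naive_proxy($env) // '(none)', cgi_safe_proxy($env) // '(none)';
}
```

In both CGI rows the naive lookup returns the client-supplied value, while the hardened lookup returns nothing or the operator's setting; outside CGI the two agree.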

NAME

HTML::Filter - Filter HTML text through the parser

SYNOPSIS

  require HTML::Filter;
  $p = HTML::Filter->new->parse_file("index.html");

DESCRIPTION

HTML::Filter is an HTML parser that by default prints the original text it parses (basically a slow version of cat(1)). You can override the callback methods to modify the filtering for some of the HTML elements, and you can override the output() method, which is called to print the HTML text.

HTML::Filter is a subclass of HTML::Parser. This means that the document should be given to the parser by calling the $p->parse() or $p->parse_file() methods.

EXAMPLES

The first example is a filter that will remove all comments from an HTML file. This is achieved by simply overriding the comment method to do nothing.

  package CommentStripper;
  require HTML::Filter;
  @ISA=qw(HTML::Filter);
  sub comment { }  # ignore comments

The second example shows a filter that will remove any <TABLE>s found in the HTML file. We specialize the start() and end() methods to count table tags, and then suppress output while inside a table.

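  package TableStripper;
  require HTML::Filter;
  @ISA=qw(HTML::Filter);
  # Count the opening <table> before passing the tag on, so the
  # start tag itself is already suppressed by output().
  sub start
  {
     my $self = shift;
     $self->{table_seen}++ if $_[0] eq "table";
     $self->SUPER::start(@_);
  }

  # Pass the end tag on first and decrement afterwards, so </table>
  # is suppressed too; the counter also copes with nested tables.
  sub end
  {
     my $self = shift;
     $self->SUPER::end(@_);
     $self->{table_seen}-- if $_[0] eq "table";
  }

  # Print only while no table is open.
  sub output
  {
      my $self = shift;
      unless ($self->{table_seen}) {
          $self->SUPER::output(@_);
      }
  }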

If you want to collect the parsed text internally you might want to do something like this:

  package FilterIntoString;
  require HTML::Filter;
  @ISA=qw(HTML::Filter);
  sub output { push(@{$_[0]->{fhtml}}, $_[1]) }
  sub filtered_html { join("", @{$_[0]->{fhtml}}) }

BUGS

Comments in declarations are removed from the declarations and then inserted as separate comments after the declaration. If you turn on strict_comment(), then comments with embedded "--" are split into multiple comments.

SEE ALSO

HTML::Parser

COPYRIGHT

Copyright 1997 Gisle Aas.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.