Security Advisories (4)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file via the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which has the ability to execute arbitrary commands.
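
The distinction the CPANSA-libwww-perl-2017-01 entry turns on, as an added example that is not libwww-perl's own code: two-argument open parses mode characters out of the string it is given, while three-argument open takes the string as a file name only. The helper names two_arg_hazard and open_for_read and the sample paths are constructed for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper: explain how two-argument open() would read $path,
# or return undef when the string carries no mode syntax.
sub two_arg_hazard {
    my ($path) = @_;
    (my $s = $path) =~ s/^\s+|\s+\z//g;    # two-arg open trims whitespace first
    return 'trailing "|": string is run as a command, output is read'   if $s =~ /\|\z/;
    return 'leading "|": string is run as a command, input is written'  if $s =~ /^\|/;
    return 'leading ">": file is opened for writing or appending'       if $s =~ /^\+?>/;
    return 'leading "<": parsed as a mode prefix, not part of the name' if $s =~ /^\+?</;
    return '"-": STDIN is opened instead of a file'                     if $s eq '-';
    return 'surrounding whitespace is stripped from the name'           if $s ne $path;
    return undef;
}

# Three-argument form: the mode is fixed and $path is only ever a file name.
sub open_for_read {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample input: one real temporary file plus strings that
# two-argument open() would not treat as plain names.
my ($tmp_fh, $tmp_name) = tempfile(UNLINK => 1);
print {$tmp_fh} "constructed sample\n";
close $tmp_fh;

for my $path ($tmp_name, 'report.txt |', '| report.txt', '>report.txt', ' report.txt ', '-') {
    my $hazard = two_arg_hazard($path);
    printf "%-16s two-arg: %s\n", "'$path'", $hazard // 'plain file name';
    if (my $fh = open_for_read($path)) {
        print "    three-arg: opened as a file, first line: ", scalar <$fh>;
        close $fh;
    } else {
        print "    three-arg: literal name not found ($!)\n";
    }
}
```

Code that receives a path from a URL or header and must stay on two-argument open for compatibility can use a check like two_arg_hazard to refuse such strings; the three-argument form removes the need for it.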

NAME

parse_html - Parse HTML text

parse_htmlfile - Parse HTML text from file

SYNOPSIS

    use HTML::Parse;
    $h = parse_htmlfile("test.html");
    print $h->dump;
    $h = parse_html("<p>Some more <i>italic</i> text", $h);
    $h->delete;

    print parse_htmlfile("index.html")->asHTML;  # tidy up markup in a file

DESCRIPTION

This module provides functions to parse HTML text. The result of the parsing is an HTML syntax tree with HTML::Element objects as nodes. Check out HTML::Element for details of methods available to access the syntax tree.

The parser currently understands HTML 2.0 markup + tables + some Netscape extensions.

Entities in all text content and attribute values will be expanded by the parser.

You must delete the parse tree explicitly to free the memory associated with it before the perl interpreter terminates. The reason for this is that the parse tree contains circular references (parents have references to their children and children have a reference to their parent).

The following variables control how parsing takes place:

$HTML::Parse::IMPLICIT_TAGS

Setting this variable to true will instruct the parser to try to deduce implicit elements and implicit end tags. If this variable is false you get a parse tree that just reflects the text as it stands. Might be useful for quick & dirty parsing. Default is true.

Implicit elements have the implicit() attribute set.

$HTML::Parse::IGNORE_UNKNOWN

This variable controls whether unknown tags should be represented as elements in the parse tree. Default is true.

$HTML::Parse::IGNORE_TEXT

Do not represent the text content of elements. This saves space if all you want is to examine the structure of the document. Default is false.

SEE ALSO

HTML::Element, HTML::Entities

COPYRIGHT

Copyright (c) 1995 Gisle Aas. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Gisle Aas <aas@oslonett.no>