/ 
Mojolicious-0.999928
⭐ Starred 2674
/ Mojo::Message
Security Advisories (12)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies.  An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

NAME

Mojo::Message - HTTP 1.1 Message Base Class

SYNOPSIS

use base 'Mojo::Message';

DESCRIPTION

Mojo::Message is an abstract base class for HTTP 1.1 messages as described in RFC 2616 and RFC 2388.

ATTRIBUTES

Mojo::Message implements the following attributes.

body_cb

my $cb = $message->body_cb;

$counter = 1;
$message = $message->body_cb(sub {
    my $self  = shift;
    my $chunk = '';
    $chunk    = "hello world!" if $counter == 1;
    $chunk    = "hello world2!\n\n" if $counter == 2;
    $counter++;
    return $chunk;
});

Content generator callback.

buffer

my $buffer = $message->buffer;
$message   = $message->buffer(Mojo::ByteStream->new);

Input buffer for parsing.

content

my $content = $message->content;
$message    = $message->content(Mojo::Content::Single->new);

Content container, defaults to a Mojo::Content::Single object.

default_charset

my $charset = $message->default_charset;
$message    = $message->default_charset('UTF-8');

Default charset used for form data parsing.

dom_class

my $class = $message->dom_class;
$message  = $message->dom_class('Mojo::DOM');

Class to be used for DOM manipulation, defaults to Mojo::DOM. Note that this attribute is EXPERIMENTAL and might change without warning!

finish_cb

my $cb   = $message->finish_cb;
$message = $message->finish_cb(sub {
    my $self = shift;
});

Callback called after message building or parsing is finished.

json_class

my $class = $message->json_class;
$message  = $message->json_class('Mojo::JSON');

Class to be used for JSON deserialization with json, defaults to Mojo::JSON. Note that this attribute is EXPERIMENTAL and might change without warning!

major_version

my $major_version = $message->major_version;
$message          = $message->major_version(1);

Major version, defaults to 1.

minor_version

my $minor_version = $message->minor_version;
$message          = $message->minor_version(1);

Minor version, defaults to 1.

progress_cb

my $cb   = $message->progress_cb;
$message = $message->progress_cb(sub {
    my $self = shift;
    print '+';
});

Progress callback.

METHODS

Mojo::Message inherits all methods from Mojo::Base and implements the following new ones.

at_least_version

my $success = $message->at_least_version('1.1');

Check if message is at least a specific version.

body

my $string = $message->body;
$message   = $message->body('Hello!');

$counter = 1;
$message = $message->body(sub {
    my $self  = shift;
    my $chunk = '';
    $chunk    = "hello world!" if $counter == 1;
    $chunk    = "hello world2!\n\n" if $counter == 2;
    $counter++;
    return $chunk;
});

Helper for simplified content access.

body_params

my $params = $message->body_params;

POST parameters.

body_size

my $size = $message->body_size;

Size of the body in bytes.

to_string

build

my $string = $message->build;

Render whole message.

build_body

my $string = $message->build_body;

Render whole body.

build_headers

my $string = $message->build_headers;

Render all headers.

build_start_line

my $string = $message->build_start_line;

Render start line.

my $cookie  = $message->cookie('foo');
my @cookies = $message->cookie('foo');

Access message cookies.

dom

my $dom = $message->dom;

Parses content into a Mojo::DOM object. Note that this method is EXPERIMENTAL and might change without warning!

error

my $message          = $message->error;
my ($message, $code) = $message->error;
$message             = $message->error('Parser error.');
$message             = $message->error('Parser error.', 500);

Parser errors and codes.

fix_headers

$message = $message->fix_headers;

Make sure message has all required headers for the current HTTP version.

get_body_chunk

my $string = $message->get_body_chunk($offset);

Get a chunk of body data starting from a specific position.

get_header_chunk

my $string = $message->get_header_chunk($offset);

Get a chunk of header data, starting from a specific position.

get_start_line_chunk

my $string = $message->get_start_line_chunk($offset);

Get a chunk of start line data starting from a specific position.

has_leftovers

my $leftovers = $message->has_leftovers;

CHeck if message parser has leftover data in the buffer.

header_size

my $size = $message->header_size;

Size of headers in bytes.

headers

my $headers = $message->headers;
$message    = $message->headers(Mojo::Headers->new);

Header container, defaults to a Mojo::Headers object.

is_chunked

my $chunked = $message->is_chunked;

Check if message content is chunked.

is_done

my $done = $message->is_done;

Check if parser is done.

is_multipart

my $multipart = $message->is_multipart;

Check if message content is multipart.

json

my $object = $message->json;
my $array  = $message->json;

Decode JSON message body directly using Mojo::JSON if possible, returns undef otherwise. Note that this method is EXPERIMENTAL and might change without warning!

leftovers

my $bytes = $message->leftovers;

Remove leftover data from the parser buffer.

param

my $param  = $message->param('foo');
my @params = $message->param('foo');

Access GET and POST parameters.

parse

$message = $message->parse('HTTP/1.1 200 OK...');

Parse message chunk.

parse_until_body

$message = $message->parse_until_body('HTTP/1.1 200 OK...');

Parse message chunk until the body is reached.

start_line_size

my $size = $message->start_line_size;

Size of the start line in bytes.

upload

my $upload  = $message->upload('foo');
my @uploads = $message->upload('foo');

Access file uploads.

uploads

my $uploads = $message->uploads;

All file uploads.

version

my $version = $message->version;
$message    = $message->version('1.1');

HTTP version of message.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicious.org.