/ 
Mojolicious-6.21
⭐ Starred 2674
/ Mojolicious::Lite
Security Advisories (8)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

NAME

Mojolicious::Lite - Micro real-time web framework

SYNOPSIS

# Automatically enables "strict", "warnings", "utf8" and Perl 5.10 features
use Mojolicious::Lite;

# Route with placeholder
get '/:foo' => sub {
  my $c   = shift;
  my $foo = $c->param('foo');
  $c->render(text => "Hello from $foo.");
};

# Start the Mojolicious command system
app->start;

DESCRIPTION

Mojolicious::Lite is a micro real-time web framework built around Mojolicious.

See Mojolicious::Guides::Tutorial for more!

FUNCTIONS

Mojolicious::Lite implements the following functions, which are automatically exported.

any

my $route = any '/:foo' => sub {...};
my $route = any '/:foo' => {foo => 'bar'} => sub {...};
my $route = any '/:foo' => [foo => qr/\w+/] => sub {...};
my $route = any [qw(GET POST)] => '/:foo' => sub {...};
my $route = any [qw(GET POST)] => '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "any" in Mojolicious::Routes::Route, matching any of the listed HTTP request methods or all. See also Mojolicious::Guides::Tutorial for many more argument variations.

app

my $app = app;

Returns the Mojolicious::Lite application object, which is a subclass of Mojolicious.

# Use all the available attributes and methods
app->log->level('error');
app->defaults(foo => 'bar');

del

my $route = del '/:foo' => sub {...};
my $route = del '/:foo' => {foo => 'bar'} => sub {...};
my $route = del '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "delete" in Mojolicious::Routes::Route, matching only DELETE requests. See also Mojolicious::Guides::Tutorial for many more argument variations.

get

my $route = get '/:foo' => sub {...};
my $route = get '/:foo' => {foo => 'bar'} => sub {...};
my $route = get '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "get" in Mojolicious::Routes::Route, matching only GET requests. See also Mojolicious::Guides::Tutorial for many more argument variations.

group

group {...};

Start a new route group.

helper

helper foo => sub {...};

Add a new helper with "helper" in Mojolicious.

hook

hook after_dispatch => sub {...};

Share code with "hook" in Mojolicious.

options

my $route = options '/:foo' => sub {...};
my $route = options '/:foo' => {foo => 'bar'} => sub {...};
my $route = options '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "options" in Mojolicious::Routes::Route, matching only OPTIONS requests. See also Mojolicious::Guides::Tutorial for many more argument variations.

patch

my $route = patch '/:foo' => sub {...};
my $route = patch '/:foo' => {foo => 'bar'} => sub {...};
my $route = patch '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "patch" in Mojolicious::Routes::Route, matching only PATCH requests. See also Mojolicious::Guides::Tutorial for many more argument variations.

plugin

plugin SomePlugin => {foo => 23};

Load a plugin with "plugin" in Mojolicious.

post

my $route = post '/:foo' => sub {...};
my $route = post '/:foo' => {foo => 'bar'} => sub {...};
my $route = post '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "post" in Mojolicious::Routes::Route, matching only POST requests. See also Mojolicious::Guides::Tutorial for many more argument variations.

put

my $route = put '/:foo' => sub {...};
my $route = put '/:foo' => {foo => 'bar'} => sub {...};
my $route = put '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "put" in Mojolicious::Routes::Route, matching only PUT requests. See also Mojolicious::Guides::Tutorial for many more argument variations.

under

my $route = under sub {...};
my $route = under '/:foo' => sub {...};
my $route = under '/:foo' => {foo => 'bar'};
my $route = under '/:foo' => [foo => qr/\w+/];
my $route = under [format => 0];

Generate nested route with "under" in Mojolicious::Routes::Route, to which all following routes are automatically appended. See also Mojolicious::Guides::Tutorial for more argument variations.

websocket

my $route = websocket '/:foo' => sub {...};
my $route = websocket '/:foo' => {foo => 'bar'} => sub {...};
my $route = websocket '/:foo' => [foo => qr/\w+/] => sub {...};

Generate route with "websocket" in Mojolicious::Routes::Route, matching only WebSocket handshakes. See also Mojolicious::Guides::Tutorial for many more argument variations.

ATTRIBUTES

Mojolicious::Lite inherits all attributes from Mojolicious.

METHODS

Mojolicious::Lite inherits all methods from Mojolicious.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicio.us.