Catalyst::Plugin::HTML::Scrubber - Catalyst plugin for scrubbing/sanitizing incoming parameters
    use Catalyst qw[HTML::Scrubber];

    MyApp->config(
        scrubber => {
            auto => 1,    # automatically run on request

            # Exempt certain parameter names from scrubbing
            ignore_params => [ qr/_html$/, 'article_body' ],

            # Don't scrub at all for certain URL paths:
            ignore_paths => [
                '/foo',
                qr{^/foo/.+},
            ],

            # HTML::Scrubber will HTML-encode some chars, e.g. angle
            # brackets. If you don't want that, enable this setting and
            # the scrubbed values will be unencoded.
            no_decode_entities => 0,

            # The following are options to HTML::Scrubber
            params => [
                default => 0,
                comment => 0,
                script  => 0,
                process => 0,
                allow   => [qw [ br hr b a h1]],
            ],
        },
    );
On request, sanitize HTML tags in all params (with the ability to exempt some if needed), to protect against XSS (cross-site scripting) attacks and other unwanted things.
See SYNOPSIS for how to configure the plugin, both with its own configuration (e.g. whether to automatically run, whether to exempt certain fields) and passing on any options from HTML::Scrubber to control exactly what scrubbing happens.
Sanitize HTML tags in all parameters (unless `ignore_params` exempts them) - this includes normal POST params, and serialised data (e.g. a POSTed JSON body) accessed via `$c->req->body_data` or `$c->req->data`.
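The following stand-alone sketch is an added example, not the plugin's own code: it calls HTML::Scrubber directly with the rules from the configuration above and walks a nested structure, such as a decoded JSON body, while honouring the `ignore_params` exemptions. The helper names `is_ignored` and `scrub_data` are hypothetical and the sample input is constructed.

```perl
use strict;
use warnings;
use HTML::Scrubber;
use Data::Dumper;

# Same HTML::Scrubber rules as the configuration above.
my $scrubber = HTML::Scrubber->new(
    default => 0, comment => 0, process => 0,
    allow   => [qw[ br hr b a h1 ]],
);
$scrubber->script(0);    # script => 0 from the config: <script> elements are suppressed

# Same exemptions as ignore_params above.
my @ignore_params = ( qr/_html$/, 'article_body' );

# Hypothetical helper: true if a key matches an exemption (string or regex).
sub is_ignored {
    my ($name) = @_;
    return scalar grep { ref($_) eq 'Regexp' ? $name =~ $_ : $name eq $_ } @ignore_params;
}

# Hypothetical helper: scrub every string in a decoded body, recursing into
# hashes and arrays and skipping exempted hash keys (with their subtrees).
sub scrub_data {
    my ($data) = @_;
    if ( ref $data eq 'HASH' ) {
        for my $key ( grep { !is_ignored($_) } keys %$data ) {
            $data->{$key} = scrub_data( $data->{$key} );
        }
    }
    elsif ( ref $data eq 'ARRAY' ) {
        $_ = scrub_data($_) for @$data;
    }
    elsif ( defined $data && !ref $data ) {
        $data = $scrubber->scrub($data);
    }
    return $data;
}

# Constructed sample input, shaped like a decoded JSON body.
my $body = {
    title        => '<h1>Hello</h1><script>alert(1)</script>',
    tags         => [ '<b>perl</b>', '<img src=x onerror=alert(1)>' ],
    author       => { name => 'Alice <!-- hidden -->' },
    article_body => '<div class="rich">exempt by name</div>',
    intro_html   => '<p>exempt by regex</p>',
};
$Data::Dumper::Sortkeys = 1;
print Dumper( scrub_data($body) );
```

Exempted fields such as `article_body` come back exactly as submitted, so they still need sanitizing or escaping wherever they are rendered.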
Catalyst, HTML::Scrubber.
Hideo Kimura, <hide@hide-k.net> original author
David Precious (BIGPRESH), <davidp@preshweb.co.uk> maintainer since 2023-07-17
Copyright (C) 2005 by Hideo Kimura
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install Catalyst::Plugin::HTML::Scrubber, copy and paste the appropriate command into your terminal.

cpanm:

    cpanm Catalyst::Plugin::HTML::Scrubber

CPAN shell:

    perl -MCPAN -e shell
    install Catalyst::Plugin::HTML::Scrubber