NAME

Maplat::Web::PreventGetWithArgs - prevent GET requests with arguments

SYNOPSIS

This module prevents GET requests with arguments.

DESCRIPTION

Most XSS attacks (cross site scripting) use GET requests with arguments/parameters to craft harmfull links. Since all maplat modules (at least the ones from this author) only POST arguments and/or use dynamically created URLS (and that only hold ID's), using this module should increase safety without bad side effects.

Configuration

        <module>
                <modname>preventgetargs</modname>
                <pm>PreventGetWithArgs</pm>
                <options>
                        <errorcode>414</errorcode>
                        <pagetext>414 Request-URI Too Long. Did you try to XSS?</pagetext>
                </options>
        </module>

it is highly recommended to configure this module as the cwfirstlast module, so it can catch this requests very early.

prefilter

Internal function.

Dependencies

This module does not depend on other webgui modules.

SEE ALSO

Maplat::Web

AUTHOR

Rene Schickbauer, <rene.schickbauer@gmail.com>

COPYRIGHT AND LICENSE

Copyright (C) 2008-2011 by Rene Schickbauer

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.10.0 or, at your option, any later version of Perl 5 you may have available.