The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
NAME
    Apache2::TaintRequest - HTML Escape tainted data to prevent CSS Attacks

SYNOPSIS
     use Apache2::TaintRequest ();

    sub handler { my $r = shift; $r = Apache2::TaintRequest->new($r);

        my $querystring = $r->query_string();
        $r->print($querystring);    # html is escaped...

        $querystring =~ s/<script>//;
        $r->print($querystring);    # html is NOT escaped...
    }

DESCRIPTION
    Note:          This code is derived from the *Apache::TaintRequest*
                   module, available as part of "The mod_perl Developer's
                   Cookbook".

    One of the harder problems facing web developers involves dealing with
    potential cross site scripting attacks. Frequently this involves many
    calls to HTML::Entities::escape_html().

    This module aims to automate this tedious process. It overrides the
    print mechanism in the mod_perl Apache module. The new print method
    tests each chunk of text for taintedness. If it is tainted we assume the
    worst and html-escape it before printing.

    Note that this module requires that you have the line

      PerlSwitches -T

    in your httpd.conf. This may have other unintended side effects, so be
    warned.

SEE ALSO
    perl(1), mod_perl(1), Apache(3), Taint, Apache::TaintRequest

    http://perl.apache.org/docs/2.0/user/porting/compat.html#C_PerlTaintChec
    k_

AUTHORS
    Fred Moyer <fred@redhotpenguin.com>

COPYRIGHT
    Apache2::TaintRequest Copryright (c) 2012, Fred Moyer

    Apache::TaintRequest Copyright (c) 2001, Paul Lindner, Geoffrey Young,
    Randy Kobes.

    All rights reserved.

    This module is free software. It may be used, redistributed and/or
    modified under the same terms as Perl itself.

HISTORY
    This code is derived from the *Apache::TaintRequest* module, available
    on the CPAN.