CatalystX::RequestRole::StrictParams - Insist users specify HTTP method for form parameters
Insist users specify HTTP method for form parameters
package MyApp; use base 'Catalyst'; use Catalyst; use CatalystX::RoleApplicator; __PACKAGE__->apply_request_class_roles('CatalystX::RequestRole::StrictParams');
Perl wrappers around the CGI protocol frequently make it too easy to write exploitable code by conflating
POST parameters. Implementers instead should be considering whether a given request is retrieving (GET) or modifying (POST) data.
This role removes access to
param from Catalyst request objects, forcing users to use
Cross-site Scripting vulnerabilities are easy to introduce, and often subtle. While using this module reduces the threat surface a little, it in no way provides general protection from all (or maybe even most) attacks.
Initial development sponsored by NET-A-PORTER http://www.net-a-porter.com/, through their generous open-source support.
Peter Sergeant -