-rw-r--r-- | Changes | 3 | ||||
-rw-r--r-- | lib/Jaos/WebApp/Plugin/CleanParams.pm | 80 |
2 files changed, 83 insertions, 0 deletions
@@ -1,3 +1,6 @@
+0.2 May 16, 2010
+ * added CleanParams plugin
+
 0.1 May 9, 2010
 * initial release
diff --git a/lib/Jaos/WebApp/Plugin/CleanParams.pm b/lib/Jaos/WebApp/Plugin/CleanParams.pm
new file mode 100644
index 0000000..9200057
--- /dev/null
+++ b/lib/Jaos/WebApp/Plugin/CleanParams.pm
@@ -0,0 +1,80 @@
+package Jaos::WebApp::Plugin::CleanParams;
+
+sub encode_html {
+ my $str = shift;
+ $str =~ s/&/&/g;
+ $str =~ s/>/>/g;
+ $str =~ s/</</g;
+ $str =~ s/"/"/g;
+ $str =~ s/'/'/g;
+ return $str;
+}
+
+sub register
+{
+ my ($self, $app) = @_;
+
+ $app->add_run_hook(
+ pre_dispatch => sub {
+ my ($ctx) = @_;
+
+ if (my $params = $ctx->req->parameters) {
+ my @keys = $params->keys;
+ for my $key (@keys) {
+ my @values = $params->get_all($key);
+ my @cleaned;
+ for my $value (@values) {
+ push @cleaned, encode_html($value);
+ }
+
+ $params->remove($key);
+ $params->add($key, @cleaned);
+ }
+ }
+
+ }
+ );
+
+
+}
+
+=head1 NAME
+
+Jaos::WebApp::Plugin::CleanParams - html encode all parameters
+
+=head1 SYNOPSIS
+
+ package MyApp;
+
+ sub startup
+ {
+ my $app = shift;
+ $app->load_plugin('Jaos::WebApp::Plugin::CleanParams');
+ }
+
+ 1;
+
+=head1 DESCRIPTION
+
+Jaos::WebApp::Plugin::CleanParams is a simple plugin using Plack::Util::encode_html
+on each parameter.
+
+=head1 METHODS
+
+=head2 register
+
+register adds callbacks to the pre_dispatch and post_dispatch hooks.
+Each callback is passed the application object.
+
+=head1 AUTHOR
+
+Jason Woodward <woodwardj@jaos.org>
+
+=head1 LICENSE
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself.
+
+=cut
+
+1;
|
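Review bot: The pre_dispatch callback in `register` encodes parameter values only; `$params->add($key, @cleaned)` re-adds the key unchanged, so a handler or template that echoes parameter names still emits raw markup, and `$params->add(encode_html($key), @cleaned);` would close that gap. The hook also rewrites only the object returned by `$ctx->req->parameters`; any other request accessors (separate query/body parameter sets, cookies, headers, upload names — none visible in this hunk) would stay unencoded, and values stored with entities come out double-encoded or wrong in non-HTML sinks such as SQL, JSON or URLs. The DESCRIPTION should therefore say that the plugin is defence in depth and that templates must still escape at the point of output. The POD is also out of step with the code: it names `Plack::Util::encode_html` and says `register` hooks both pre_dispatch and post_dispatch, while the file defines its own `encode_html` and registers only pre_dispatch, and the module has no `use strict; use warnings;` after the `package` line. The replacement sides of the `s///` lines appear identical to their patterns on this page, presumably because the page decoded the entities, so the actual file should be checked to confirm `&` is replaced first and each character maps to its entity.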