package Jaos::WebApp::Plugin::CleanParams;

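# encode_html($str)
#
# Returns a copy of $str with the five HTML-significant characters
# & < > " ' replaced by their entity references, so the value can be
# placed in HTML text or inside a quoted attribute value.
#
# An undefined argument is returned unchanged.
#
# This escaping is specific to HTML text and quoted-attribute contexts.
# It does not make a value safe inside <script>, an unquoted attribute,
# a URL, or CSS; those contexts need their own encoding at output time.
sub encode_html {
    my $str = shift;
    return $str unless defined $str;

    # "&" and ">" must map to their entities as well; replacing them with
    # themselves leaves markup such as "&lt;" or a closing ">" intact.
    my %entity_for = (
        '&' => '&amp;',
        '>' => '&gt;',
        '<' => '&lt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );

    # One pass over the string, so the "&" that begins a freshly written
    # entity is never escaped a second time within this call.
    $str =~ s/([&<>"'])/$entity_for{$1}/g;
    return $str;
}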

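# register($self, $app)
#
# Installs a pre_dispatch run hook on $app. For each request the hook
# replaces every parameter value returned by $ctx->req->parameters with
# its encode_html() form, in place.
#
# Points a caller should be aware of:
#  - Only values are rewritten; parameter names are passed back to add()
#    unchanged.
#  - Encoding happens on input, so later code sees "&amp;" rather than "&".
#    Templates must not HTML-escape these values again, and the values are
#    not suitable as-is for non-HTML sinks (SQL, shell, URLs, JavaScript).
#  - Only the container returned by parameters() is touched.
#    NOTE(review): other request accessors (headers, cookies, raw body,
#    separate query/body parameter views) are presumably unaffected -
#    confirm against the request class.
sub register
{
  my ($self, $app) = @_;

  $app->add_run_hook(
    pre_dispatch => sub {
      my ($ctx) = @_;

      if (my $params = $ctx->req->parameters) {
        # Visit each key once. A Hash::MultiValue-style keys() lists a key
        # once per value (presumably what parameters() returns here -
        # confirm); without de-duplication a repeated parameter would be
        # fetched and encoded again on every repeat, turning "&amp;" into
        # "&amp;amp;".
        my %seen;
        my @keys = grep { !$seen{$_}++ } $params->keys;

        for my $key (@keys) {
          my @cleaned = map { encode_html($_) } $params->get_all($key);

          # Swap the whole value list for this key in a single step.
          $params->remove($key);
          $params->add($key, @cleaned);
        }
      }

    }
  );
}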

=head1 NAME

Jaos::WebApp::Plugin::CleanParams - html encode all parameters

=head1 SYNOPSIS

 package MyApp;

  sub startup
  {
    my $app = shift;
    $app->load_plugin('Jaos::WebApp::Plugin::CleanParams');
  }

 1;

=head1 DESCRIPTION

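Jaos::WebApp::Plugin::CleanParams is a simple plugin that applies
Plack::Util::encode_html-style escaping to each request parameter value
before dispatch. Only parameter values are encoded, not parameter names,
and the escaping targets HTML text and quoted-attribute contexts.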

=head1 METHODS

=head2 register

register adds a callback to the pre_dispatch hook.
The callback is passed the application object.

=head1 AUTHOR

Jason Woodward <woodwardj@jaos.org>

=head1 LICENSE

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut

1;