Description: When taking user input through any number of forms, there could be characters that you aren’t expecting. This is exactly what HTML::Entities was designed to handle. When getting the user input, it converts it into a form that can help in mitigating certain types of web based scripting attacks.
CPAN: HTML::Entities
Example 1:
The general example of using
1 | encode_entities() |
is probably also the most common. It basically says to encode everything in the string that its possible to encode.
# Always be safe and smart use strict; use warnings; # Use the module use HTML::Entities; my $html = "bad stuff here&#$%"; $html = encode_entities($html); print "HTML: $html\\n"; __OUTPUT__ HTML: bad stuff here�
Example 2:
This is the slightly more specific example as it uses only specific sets of characters as the “unsafe” characters.
# Always be safe and smart use strict; use warnings; # Use the module use HTML::Entities; my $html = "bad stuff here&#$%"; $html = encode_entities($html, "\\x80-\\xff"); print "HTML: $html\\n"; __OUTPUT__ HTML: bad stuff here&#0
Example 3:
This is an example of
1 | decode_entities() |
which does the reverse. It checks the string to see if there are any HTML encoded characters and decodes them into their Unicode equivalent. This is the general version of
1 | decode_entities() |
which is similar to the version of
1 | encode_entities() |
demonstrated in Example 1.
# Always be safe and smart use strict; use warnings; # Use the module use HTML::Entities; my $html = "encoded: bad stuff here&#0"; $html = decode_entities($html); print "Unicode: $html\\n"; __OUTPUT__ Unicode: encoded: bad stuff here�
