GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
EscapeEvil(3) User Contributed Perl Documentation EscapeEvil(3)

HTML::EscapeEvil - Escape tag

0.05 

    use HTML::EscapeEvil;
    my $escapeevil = HTML::EscapeEvil->new;
    my $evil_html = <<HTML;
    <script type="text/javascript">
    <!--
    alert("script is evil tags!!");
    //-->
    </script>
    <iflame src="deny.html" width="100" height="100"></iframe>
    HTML

    $escapeevil->parse($html); #from string
    $escapeevil->parse_file($html_file); #from file or file handle

    my $clean_html = $escapeevil->filtered_html;
    $escapeevil->clear;

The tag that doesn't want to permit escapes all.

create instance

Example :

    my $escapeevil = HTML::EscapeEvil->new(
                                         allow_comment => 1,
                                         allow_declaration => 0,
                                         allow_process => 0,
                                         allow_tags => [qw(a l l o w t a g s)],
                                         #allow_tags => "one",# OK
                                        );

Option :

allow_comment : allow comment. default 0.

allow_declaration : allow_declaration. default 0.

allow_process : allow_process. default 0.

allow_tags : set allow tags

allow_script : allow script tag. default 0(is_allow_tags("script") OK)

allow_style : allow style tag. default 0(is_allow_tags("style") OK)

allow_entity_reference : allow entity reference. default 1

collection_process : collection process. default 0

When tag is not specified for allow_tags, default makes all tag invalid.

The setting is returned to default.

Example :

    $escapeevil->set_allow_tags(qw(t a g s));

The tag that wants to permit is added.

Example :

    $escapeevil->add_allow_tags(qw(t a g s));

The specified tag is not permitted.

Example :

    $escapeevil->deny_tags(qw(t a g s));

The list of the tag that has been permitted is returned.

Example :

    my @list = $escapeevil->get_allow_tags;

Whether it is tag that has been permitted is checked.

Example :

    print 'script is ', ($escapeevil->is_allow_tags('script')) ? 'allowed' : 'not allowed';

No permission of all

Example :

    $escapeevil->deny_all;

Whether the comment has been permitted is checked. Or, the setting change of the comment permission.

Example :

    print 'comment is ', ($escapeevil->allow_comment) ? 'allowed' : 'not allowed';
    $escapeevil->allow_comment(1); ## allow comment!

Whether the DOCTYPE declaration has been permitted is checked. Or, the setting change of the DOCTYPE declaration permission.

Example :

    print 'declaration is ', ($escapeevil->allow_declaration) ? 'allowed' : 'not allowed';
    $escapeevil->allow_declaration(1); ## allow declaration!

Whether the processing instruction has been permitted is checked. Or, the setting change of the processing instruction.

Example :

    print 'process is ', ($escapeevil->allow_process) ? 'allowed' : 'not allowed';
    $escapeevil->allow_process(1); ## allow process!

Whether the substance reference has been permitted is checked. Or, the setting change of the substance reference.

Example :

    print 'entity_reference is ', ($escapeevil->allow_entity_reference) ? 'allowed' : 'not allowed';
    $escapeevil->allow_entity_reference(1); ## allow entity_reference!

Whether it permits is checked script tag. Or, the setting change of script tag.

Example :

    print 'script is ', ($escapeevil->allow_script) ? 'allowed' : 'not allowed';
    $escapeevil->allow_script(1); ## allow script!

Whether it permits is checked style tag. Or, the setting change of style tag.

Example :

    print 'style is ', ($escapeevil->allow_style) ? 'allowed' : 'not allowed';
    $escapeevil->allow_style(1); ## allow style!

The setting change whether to collect process is done. Or, a present setting is acquired.

Example :

    print 'collection_process is ', ($escapeevil->collection_process) ? 'collection' : 'no collection';
    $escapeevil->collection_process(1); ##colloction process!

The reference of the array of the processing instruction list is acquired. (reading exclusive use)

Example :

    foreach(@{$escapeevil->processes}){

        my $process = $_;
        #example: eval $process ,system $process etc..
    }

HTML that escapes in the tag not permitted is returned.

Example :

    print $escapeevil->filetered_html;

HTML that escapes in the tag not permitted is written file.

Example :

    (e.g.1)
    $escapeevil->filtered_file("./filtered_file.html");
    (e.g.2)
    $escapeevil->filtered_file(*FILEHANDLE);

version 0.02 new method. parse(parse_file) and filtered_html(filtered_file) and eof,clear_process do.

Example :

    my $html = "<script type=\"text/javascript\"><!--alert(\"hello!\");//--></script>";
    (e.g.1)
    my $cleanhtml = $escapeevil->filtered($html);
    (e.g.2)
    $escapeevil->filtered($html,"writefile.html");
    (e.g.3)
    open FILEHANDLE,"< evil.html" or die $!;
    $escapeevil->filtered(*FILEHANDLE,"writefile.html");

Collected process is annulled.

Example :

    $escapeevil->clear_process;

Initialization of variable that liberates of HTML::Parser object and is internal. Please execute it when processing is completed.

Example :

    $escapeevil->clear;

VERSION 0.03.Javascript of event handler becomes invalid at allow_script(0) though event handler of javascript is defined in the tag that has been permitted, too.

Example :

    <a href="javascript:alert(1234)">hello</a> => <a href="javascript:void(0)">hello</a>
    <body onload="alert(5678)"> => <body onload="void(0)">

The definition of event handler is described in %HTML::Escape::JS_EVENT.

Please filtered_file must specify passing the file and specify the correct one. Die is executed when there are neither passing nor a writing authority that cannot be.

Processes is a method only for reading. When the value is set, die is done.

Carp http://search.cpan.org/~nwclark/perl-5.8.8/lib/Carp.pm

Class::Accessor http://search.cpan.org/~kasei/Class-Accessor-0.22/lib/Class/Accessor.pm

HTML::Element http://search.cpan.org/~petdance/HTML-Tree-3.1901/lib/HTML/Element.pm

HTML::Filter http://search.cpan.org/~gaas/HTML-Parser-3.46/lib/HTML/Filter.pm

HTML::Parser http://search.cpan.org/~gaas/HTML-Parser-3.46/Parser.pm

Carp Class::Accessor HTML::Element HTML::Filter HTML::Parser

Akira Horimoto <kurt0027@gmail.com>

Copyright (C) 2006 Akira Horimoto

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

2006-05-13 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.