CGI input: Filter dict.update() unwanted variables

Miki Tebeka miki.tebeka at
Mon Aug 22 17:39:47 CEST 2011

> Is there an easy way to limit updates to
> ONLY variables in the allowedVariables dict?

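import cgi

# Names the script is willing to accept from the form.
allowedVariables = ['eeny', 'meeny', 'miny', 'mo']
form = cgi.FieldStorage()
# Copy only the allowed names; a name missing from the form maps to None.
safe_input = dict((key, form.getvalue(key)) for key in allowedVariables)
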
> And in addition, maybe return an error so the attacker can be blocked?
You can check if there is a "non-allowed variable" and then return an HTTP error.

# Any submitted field name outside the allowed list rejects the request.
if set(form) - set(allowedVariables):
    print('Status: 406\n\n')
    raise SystemExit()

Miki Tebeka <miki.tebeka at>
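
An allowlist filter that rejects unexpected field names, as an added example that is not part of the original post. It parses the query string with urllib.parse.parse_qs instead of cgi.FieldStorage (the cgi module was removed from the standard library in Python 3.13); filter_query, cgi_headers, the sample query strings and the rule that a repeated allowed name is rejected are assumptions made for the example.

```python
from urllib.parse import parse_qs

# Allowlist taken from the post above.
ALLOWED = frozenset(['eeny', 'meeny', 'miny', 'mo'])


def filter_query(query_string, allowed=ALLOWED):
    """Return (status, safe_input, problems) for a raw query string.

    status is 200 if every field name is allowed and appears once,
    otherwise 406 (the status used in the post) and safe_input is empty.
    """
    # keep_blank_values=True so "eeny=" counts as a submitted field.
    fields = parse_qs(query_string, keep_blank_values=True)
    problems = {
        'unexpected': sorted(set(fields) - allowed),
        # Assumption: a repeated allowed name is rejected, because the
        # handler expects one string per field, not a list.
        'repeated': sorted(k for k, v in fields.items()
                           if k in allowed and len(v) > 1),
    }
    if problems['unexpected'] or problems['repeated']:
        return 406, {}, problems
    # Only names on the allowlist are ever copied out of the request.
    safe_input = {k: fields[k][0] for k in sorted(allowed) if k in fields}
    return 200, safe_input, problems


def cgi_headers(status):
    """Build the CGI header block; the blank line ends the headers."""
    reason = {200: 'OK', 406: 'Not Acceptable'}[status]
    return 'Status: %d %s\r\nContent-Type: text/plain\r\n\r\n' % (status, reason)


if __name__ == '__main__':
    # Constructed sample query strings, not taken from the post.
    for qs in ['eeny=1&mo=4', 'eeny=1&is_admin=1', 'eeny=1&eeny=2']:
        status, safe_input, problems = filter_query(qs)
        print(repr(qs), status, safe_input, problems)
```

The problems dict gives the server something to log per rejected request without echoing the unexpected names back to the client.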
