[Tutor] Untainting CGI parameters

Alan G alan.gauld at freenet.co.uk
Thu Aug 11 00:04:33 CEST 2005

> I would like to untaint all parameters with which my CGI script is 
> called. Example:

Can you explain 'untaint'??? Not a term I'm familiar with...

> if parameters.has_key('type'):
>     match = re.search('\w+', parameters['type'].value)
>     type = match.group()
> else: type = 'page'

I Python "it's better to ask forgiveness than permission" so...

   type = re.search('\w+', parameters['type'].value).group()
except KeyError: type = 'page'


Alan G
Author of the Learn to Program web tutor

More information about the Tutor mailing list