[Tutor] Tainted characters and CGI
John Fouhy
john at fouhy.net
Tue Nov 1 00:09:36 CET 2005
On 01/11/05, Tim Johnson <tim at johnsons-web.com> wrote:
> Hello:
> I need to tighten my handling of CGI transmissions.
> In particular, I need to develop a strategy of safely dealing
> with "tainted" characters.
A friend of mine has written a module that may be useful to you:
"""
zstr is an extension of the Python str class that has a built-in
mechanism for escaping the string for use in different contexts. Most
importantly, a zstr object keeps track of its current display state,
making the escaping operations idempotent.
...
The main intent for zstr is to help with CGI and web-related code. CGI
programming involves a lot of string manipulation. For any given
string, there might be a user input version of it, an HTML-escaped
version of it, a SQL-escaped version of it, and possibly other
customised escaped versions for things like filtering certain HTML
tags but letting others through.
"""
Link: http://www.mcs.vuw.ac.nz/~jester/zstr/
--
John.
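
An added sketch of the state-tracking idea in the zstr description quoted above; it is not zstr's code or API and is not part of the original message. The class name StateStr, its methods and the sample input are assumptions made for illustration.

```python
import html


class StateStr(str):
    """str subclass that remembers which escaping has been applied.

    Hypothetical illustration of the idea; not the zstr API.
    """

    RAW, HTML = "raw", "html"

    def __new__(cls, value, state=RAW):
        obj = super().__new__(cls, value)
        obj.state = state
        return obj

    def as_html(self):
        # Escape only while still raw, so repeated calls are idempotent.
        if self.state == self.HTML:
            return self
        return StateStr(html.escape(str(self), quote=True), self.HTML)

    def __add__(self, other):
        # Plain str operands carry no state, so treat them as raw input.
        if not isinstance(other, StateStr):
            other = StateStr(other)
        if self.state == other.state:
            return StateStr(str(self) + str(other), self.state)
        # Mixed states: bring both sides to HTML-escaped before joining.
        return StateStr(str(self.as_html()) + str(other.as_html()), self.HTML)

    def __radd__(self, other):
        # Handles plain_str + StateStr with the same rules as __add__.
        return StateStr(other) + self


def render_comment(user_input):
    """Wrap untrusted form input in trusted markup."""
    open_tag = StateStr("<p>", StateStr.HTML)
    close_tag = StateStr("</p>", StateStr.HTML)
    return open_tag + StateStr(user_input) + close_tag


if __name__ == "__main__":
    # Constructed sample input standing in for a CGI form field.
    print(render_comment('Tom & "Jerry" <b>'))
```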