
safe cgi parameter

I'm trying to pass XML into a CGI script and have some problems because I both
want to escape all my inputs (to avoid the possibility of an HTML injection
attack) and also allow my XML to be obtained in its original form.

I thought of this

from xml.sax.saxutils import escape as xmlEscape

class SafeCgiParam(str):
    def __new__(cls, v):
        return str.__new__(cls, xmlEscape(v))
    def __init__(self, v):
        self.__raw__ = v


 >>> x=SafeCgiParam('a<&>b')
 >>> print x
 >>> print x.__raw__

i.e. always wrap the value, but access to the original is possible via __raw__.

However, if you do anything like x.strip() the original is lost. I'm not sure
that's a bad thing, but I thought I would ask what others do for this problem.
Robin Becker
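
An added example (not part of the original post), written for Python 3: the str subclass from the post beside a hypothetical wrapper, `CgiParam`, that stores the raw value and escapes only when rendered, so `strip()` and other str methods keep the original. `CgiParam`, `demo` and the sample input are assumptions made for illustration.

```python
from xml.sax.saxutils import escape as xml_escape


class SafeCgiParam(str):
    """Python 3 port of the str subclass from the post, kept for contrast."""

    def __new__(cls, v):
        return str.__new__(cls, xml_escape(v))

    def __init__(self, v):
        self.raw = v


class CgiParam:
    """Hypothetical alternative: hold the raw value, escape only on output."""

    def __init__(self, raw):
        self.raw = raw

    def __str__(self):
        # Escaping happens once, at the point the value is rendered.
        return xml_escape(self.raw)

    def __getattr__(self, name):
        # Forward str methods (strip, lower, ...) to the raw value and
        # re-wrap string results so the unescaped original is never lost.
        method = getattr(str, name)

        def call(*args, **kwargs):
            result = method(self.raw, *args, **kwargs)
            return CgiParam(result) if isinstance(result, str) else result

        return call


def demo():
    value = " <doc a='1'>x&y</doc> "  # constructed sample input
    old = SafeCgiParam(value).strip()  # plain str: escaped text only
    new = CgiParam(value).strip()      # still a CgiParam
    return {
        "old_type": type(old).__name__,
        "old_has_raw": hasattr(old, "raw"),
        "old_rewrapped": str(SafeCgiParam(old)),  # wrapping again double-escapes
        "new_raw": new.raw,
        "new_html": str(new),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, "=", repr(val))
```

`xml.sax.saxutils.escape` replaces only `&`, `<` and `>`, so a value placed inside an HTML attribute also needs its quotes escaped (`quoteattr` from the same module does this).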
