
safe cgi parameter

I'm trying to pass xml into a cgi script and have some problems because I both
want to escape all my inputs (to avoid the possibility of an html injection
attack) and also allow my xml to be obtained in its original form.

I thought of this

from xml.sax.saxutils import escape as xmlEscape

class SafeCgiParam(str):
    def __new__(cls, v):
        return str.__new__(cls, xmlEscape(v))
    def __init__(self, v):
        self.__raw__ = v
so

>>> x = SafeCgiParam('a<&>b')
>>> print x
a&lt;&amp;&gt;b
>>> print x.__raw__
a<&>b
i.e. always wrap the value, but access to the original is possible via __raw__.

However, if you do anything like x.strip() the original is lost. I'm not sure
that's a bad thing, but I thought I would ask what others do for this problem.
--
Robin Becker

Jun 4 '07 #1
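Added example (my code, not Robin's) showing the wrapper in use end to end: parameters are decoded from a query string, every value is wrapped so the escaped form is what templates and "%s" see, the XML document is parsed from __raw__, and a last helper shows the strip() behaviour described in the post. parse_params, render_greeting, recipient_from_xml and strip_keeps_raw are my own names; RAW_XML and SAMPLE_QUERY are constructed sample input, and the example assumes the CGI parameters arrive as an ordinary URL-encoded query string.

```python
from urllib.parse import parse_qs, urlencode
from xml.sax.saxutils import escape as xml_escape
import xml.etree.ElementTree as ET


class SafeCgiParam(str):
    """str subclass whose visible value is escaped; the untouched input is kept on __raw__."""

    def __new__(cls, v):
        # The string content everyone sees (templates, "%s", print) is the escaped form.
        return str.__new__(cls, xml_escape(v))

    def __init__(self, v):
        # The original text survives only as an attribute on this particular object.
        self.__raw__ = v


def parse_params(query_string):
    """Decode a query string and wrap every value, so nothing unescaped leaks out by default."""
    return {name: [SafeCgiParam(v) for v in values]
            for name, values in parse_qs(query_string).items()}


def render_greeting(params):
    """Embed a parameter in HTML: the escaped form is what ends up in the page."""
    return "<p>Hello %s</p>" % params["name"][0]


def recipient_from_xml(params):
    """Parse the submitted XML document in its original form via __raw__."""
    return ET.fromstring(params["doc"][0].__raw__).findtext("to")


def strip_keeps_raw(param):
    """str methods return plain str objects, so after strip() the wrapper and __raw__ are gone."""
    return hasattr(param.strip(), "__raw__")


# Constructed sample request (assumption): an XML document plus a name containing markup.
RAW_XML = "<note><to>A&amp;B</to></note>"
SAMPLE_QUERY = urlencode({"doc": RAW_XML, "name": "<b>bob</b>"})

if __name__ == "__main__":
    params = parse_params(SAMPLE_QUERY)
    print(render_greeting(params))             # <p>Hello &lt;b&gt;bob&lt;/b&gt;</p>
    print(recipient_from_xml(params))          # A&B
    print(strip_keeps_raw(params["name"][0]))  # False
```

The last function is the point raised in the post: any str method (strip, lower, slicing, concatenation) hands back an exact str, so the raw value is reachable only while you still hold the original wrapper object.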
