Bytes | Software Development & Data Engineering Community
safe cgi parameter

I'm trying to pass XML into a CGI script and have some problems because I both
want to escape all my inputs (to avoid the possibility of an HTML injection
attack) and also allow my XML to be obtained in its original form.

I thought of this

from xml.sax.saxutils import escape as xmlEscape

class SafeCgiParam(str):
    # the str value is the escaped text ...
    def __new__(cls, v):
        return str.__new__(cls, xmlEscape(v))
    # ... and the unescaped input is kept on __raw__
    def __init__(self, v):
        self.__raw__ = v
so
>>> x = SafeCgiParam('a<&>b')
>>> print x
a&lt;&amp;&gt;b
>>> print x.__raw__
a<&>b

i.e. always wrap the value, but access to the original is possible via __raw__.

However, if you do anything like x.strip() the original is lost. I'm not sure
that's a bad thing, but I thought I would ask what others do for this problem.
--
Robin Becker

Jun 4 '07 #1
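The same escape-on-construction pattern in Python 3, as an added example that is not code from the original post. It keeps the poster's design (the str value is the escaped text, the input is kept on an attribute, here named .raw) and shows the failure mode the post mentions: an un-overridden str method such as title() returns a plain str and the raw value is gone, whereas methods that are explicitly re-wrapped (strip, lower, upper, replace) keep it. Escaping the quote characters as well as &, < and > is an addition of this example, since xml.sax.saxutils.escape does not do that by default and a value placed inside a quoted HTML attribute needs it; the helper names keeps_raw and render_item are this example's own.

```python
from xml.sax.saxutils import escape as xml_escape

# xml.sax.saxutils.escape only handles &, < and > by default; a value that
# ends up inside a quoted HTML attribute also needs the quote characters
# escaped, so they are added here (a design choice of this example, not part
# of the original post).
EXTRA_ENTITIES = {'"': "&quot;", "'": "&#x27;"}


class SafeCgiParam(str):
    """CGI parameter whose str value is always the escaped text.

    Embedding the object in HTML/XML output therefore cannot inject markup;
    the unescaped input stays reachable on the .raw attribute.
    """

    def __new__(cls, value):
        obj = str.__new__(cls, xml_escape(value, EXTRA_ENTITIES))
        obj.raw = value
        return obj

    def __repr__(self):
        return f"SafeCgiParam({self.raw!r})"

    # str methods that build a new string return a plain str, so the result
    # of e.g. x.title() has no .raw. The common manipulations are re-wrapped
    # here by operating on the raw text and escaping again, which keeps the
    # invariant str(obj) == escape(obj.raw).
    def _rewrap(self, name, *args):
        return SafeCgiParam(getattr(self.raw, name)(*args))

    def strip(self, chars=None):
        return self._rewrap("strip", chars)

    def lower(self):
        return self._rewrap("lower")

    def upper(self):
        return self._rewrap("upper")

    def replace(self, old, new, count=-1):
        return self._rewrap("replace", old, new, count)


def keeps_raw(value):
    """True when value is still a SafeCgiParam carrying its raw input."""
    return isinstance(value, SafeCgiParam)


def render_item(param):
    """Build an HTML fragment from a parameter; str(param) is the escaped form."""
    return f"<li>{param}</li>"


if __name__ == "__main__":
    # constructed sample input, as a CGI script might receive it
    x = SafeCgiParam('  a<&>b "quoted"  ')
    print(str(x))                 # escaped form, safe to embed in markup
    print(x.raw)                  # the original input
    print(keeps_raw(x.strip()))   # True: strip is re-wrapped
    print(keeps_raw(x.title()))   # False: un-overridden method drops .raw
```

Anything that builds output from these objects, such as render_item, only ever sees the escaped text; code that needs the original (for example to parse the submitted XML) has to ask for .raw explicitly, and only while it still holds a SafeCgiParam rather than the plain str an unwrapped method returns.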