[Tutor] Tainted characters and CGI
Tim Johnson
tim at johnsons-web.com
Tue Nov 1 00:25:53 CET 2005
* John Fouhy <john at fouhy.net> [051031 14:16]:
> On 01/11/05, Tim Johnson <tim at johnsons-web.com> wrote:
> > Hello:
> > I need to tighten my handling of CGI transmissions.
> > In particular, I need to develop a strategy of safely dealing
> > with "tainted" characters.
>
> A friend of mine has written a module that may be useful to you:
Hey - great tip!
I will be checking this out thoroughly.
Thanks
(great word "idempotent")
tim
> """
> zstr is an extension of the Python str class that has a built-in
> mechanism for escaping the string for use in different contexts. Most
> importantly, a zstr object keeps track of its current display state,
> making the escaping operations idempotent.
> ...
> The main intent for zstr is to help with CGI and web-related code. CGI
> programming involves a lot of string manipulation. For any given
> string, there might be a user input version of it, an HTML-escaped
> version of it, a SQL-escaped version of it, and possibly other
> customised escaped versions for things like filtering certain HTML
> tags but letting others through.
> """
>
> Link: http://www.mcs.vuw.ac.nz/~jester/zstr/
>
> --
> John.
> _______________________________________________
> Tutor maillist - Tutor at python.org
> http://mail.python.org/mailman/listinfo/tutor
--
Tim Johnson <tim at johnsons-web.com>
http://www.alaska-internet-solutions.com
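
The state-tracking idea in the quoted zstr description, shown as an added example that is not part of the original messages and is not zstr's own code or API. `TrackedStr`, `as_html` and `render_comment` are hypothetical names, and the form value passed in is constructed sample input.

```python
import html


class TrackedStr(str):
    """Hypothetical str subclass that remembers its escaping state."""

    def __new__(cls, value, state="raw"):
        obj = super().__new__(cls, value)
        obj.state = state  # "raw" = as received (tainted), "html" = escaped
        return obj

    def as_html(self):
        """Return the HTML-escaped form; a no-op when already escaped."""
        if self.state == "html":
            return self
        return TrackedStr(html.escape(str(self), quote=True), "html")

    @staticmethod
    def _join(left, right):
        # A plain str carries no state, so it is treated as tainted input.
        left = left if isinstance(left, TrackedStr) else TrackedStr(left)
        right = right if isinstance(right, TrackedStr) else TrackedStr(right)
        if left.state == "raw" and right.state == "raw":
            return TrackedStr(str(left) + str(right), "raw")
        # One side is already HTML: escape the other before joining.
        return TrackedStr(str(left.as_html()) + str(right.as_html()), "html")

    def __add__(self, other):
        if not isinstance(other, str):
            return NotImplemented
        return TrackedStr._join(self, other)

    def __radd__(self, other):
        if not isinstance(other, str):
            return NotImplemented
        return TrackedStr._join(other, self)


def render_comment(form_value):
    """Wrap one CGI field value (constructed sample input) in a paragraph."""
    open_tag = TrackedStr("<p>", "html")    # trusted markup, marked as such
    close_tag = TrackedStr("</p>", "html")
    return open_tag + TrackedStr(form_value) + close_tag
```

Because the state travels with the value, calling `as_html()` twice gives the same result as calling it once, and an unmarked string joined to escaped markup is escaped rather than trusted.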