2shortplanks (968)


Mark Fowler has never been the same since he was elected leader of the London Perl Mongers. The strain manifests itself mainly in releasing various modules to CPAN, giving talks, and use of the Trelane nick on for endless procrastination. Doctors are still seeking a cure.
Wednesday February 05, 2003
07:04 AM


[ #10411 ]
So I've been experimenting with Tony Bowden's excellent CGI::Untaint module that can be used to automate the process of extracting verified data from CGI requests. This is making our lives so much easier for us at work for some of the stuff we're up to at the moment.

One of the things you can do with this module is define your own "local extraction handlers", which are tiny four-line modules that know how to extract data from a string for a particular type. For example, you can get ones for making sure the data is all digits, or ones for getting valid URLs.

Of course, writing new local extraction handlers involves writing regular expressions. And as anyone knows, it's quite hard to write a complex regular expression and guarantee it's right - every once in a while you make a stupid mistake, so you have to check your work. The only real way to avoid this is to test your data. And that's where the module comes in: It's a Test::Builder compatible testing tool that can be used to test if the local extraction handler extracts the right thing from a string or rejects the string outright.

This is Profero's first open source module that we've uploaded to CPAN, and I'm really happy that in addition to helping promote Perl we've finally released something of our own. Hopefully it'll be the first of many.
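To make the handler-plus-test idea concrete, here is an added example (not code from the original post or from either module) of a local extraction handler and the accept and reject cases that would catch a badly anchored pattern. It uses plain Test::More, and the handler name `hex_colour`, the helper `extract_as` and all sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More;
use CGI::Untaint;

# Hypothetical local extraction handler for "#rrggbb" colours. It would
# normally live in its own file, CGI/Untaint/hex_colour.pm.
package CGI::Untaint::hex_colour {
    use base 'CGI::Untaint::object';

    # Defined inline here, so mark the module as already loaded.
    BEGIN { $INC{'CGI/Untaint/hex_colour.pm'} = __FILE__ }

    # \A and \z anchor the whole string. Without them the handler would
    # pull a colour out of the middle of hostile input instead of rejecting
    # it, and a plain $ would still accept a trailing newline.
    sub _untaint_re { qr/\A(#[0-9a-fA-F]{6})\z/ }
}

# Helper (hypothetical name): run one raw value through a handler and
# return the extracted value, or undef if the handler rejects it.
sub extract_as {
    my ($type, $raw) = @_;
    my $untaint = CGI::Untaint->new({ field => $raw });
    return scalar $untaint->extract("-as_$type" => 'field');
}

# Constructed sample inputs: [ raw value, expected result, description ].
my @cases = (
    [ '#ff9900',            '#ff9900', 'lower-case colour is extracted' ],
    [ '#ABCDEF',            '#ABCDEF', 'upper-case colour is extracted' ],
    [ 'ff9900',             undef,     'missing # is rejected'          ],
    [ '#ff990',             undef,     'too few digits is rejected'     ],
    [ '#gg9900',            undef,     'non-hex digits are rejected'    ],
    [ 'x #ff9900',          undef,     'leading junk is rejected'       ],
    [ '#ff9900; color:red', undef,     'trailing junk is rejected'      ],
    [ "#ff9900\n",          undef,     'trailing newline is rejected'   ],
);

for my $case (@cases) {
    my ($raw, $want, $name) = @$case;
    is(extract_as(hex_colour => $raw), $want, $name);
}

done_testing;
```

The reject cases are the ones that matter: a handler that only ever sees valid input in its tests will pass even if its pattern has no anchors at all.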

  • I don't see the module up yet on, but does it have a facility for tainting data for the sake of testing? I've never had much happiness with either Taint module.


    • No, it doesn't - luckily I didn't have to deal with that.

      Any data that is extracted by a local extraction handler has to have run through a regular expression and therefore has to be untainted (at least in the -T sense of the word.)