EscapeCage: escape strings and prevent injection attacks
By Mark P Sullivan from NY.pm
Lightning talk
The EscapeCage module puts dangerous strings in a cage, easing their escaping to various encodings and preventing injection attacks. If an application cages all user-supplied strings, a run-time exception prevents application code from accidentally allowing an SQL, shell, cross-site scripting or similar injection attack. EscapeCage's paranoia can be adjusted for development. The concept is similar to "tainted" data, but is implemented by overloading the '""' (stringify) method on blessed scalar references via the overload pragma.
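The mechanism the abstract describes, as an added illustration that is not EscapeCage's own code (the module's real API and method names differ): a blessed scalar reference whose '""' overload refuses accidental interpolation, a paranoia switch that downgrades the exception to a warning for development, and explicit escape methods as the only sanctioned way out of the cage.

```perl
# Added illustration of the caging idea; not the EscapeCage module's own code.
use strict;
use warnings;

package StringCage;
use overload '""' => \&_refuse_stringify,   # accidental interpolation dies
             'bool' => sub { 1 };           # truth tests do not stringify

our $PARANOID = 1;   # set to 0 during development to warn instead of die

sub cage { my ($class, $s) = @_; my $copy = $s; return bless \$copy, $class; }

# Called whenever the caged value is stringified without an explicit escape.
sub _refuse_stringify {
    my ($self) = @_;
    my $msg = "caged string used without escaping";
    die "$msg\n" if $PARANOID;
    warn "$msg\n";
    return $$self;
}

# Explicit escapes: each returns a plain string safe for one target context.
sub html {
    my ($self) = @_;
    my %esc = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    (my $out = $$self) =~ s/([&<>"'])/$esc{$1}/g;
    return $out;
}

sub shell {                       # single-quote for a POSIX shell
    my ($self) = @_;
    (my $out = $$self) =~ s/'/'\\''/g;
    return "'$out'";
}

sub sql_literal {                 # double embedded quotes; placeholders are still preferable
    my ($self) = @_;
    (my $out = $$self) =~ s/'/''/g;
    return "'$out'";
}

package main;

my $user = StringCage->cage(q{<script>alert('x')</script>});   # constructed input
print "html:  ", $user->html,        "\n";
print "shell: ", $user->shell,       "\n";
print "sql:   ", $user->sql_literal, "\n";
eval { my $s = "Hello $user" };   # forgot to escape: the overload throws
print "caught: $@" if $@;
```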