One of the projects I’m working on is in Perl. Having never touched Perl before, this is a bit of a new adventure! Today I had to sanitize a field being passed by a URL. This took me a few Google searches before I found the right answer, so I’m going to write down the solution really quickly here so I don’t forget it.
Here’s the code:
    # assuming $message is your user-inputted data
    use HTML::Entities;
    my $encoded_message = HTML::Entities::encode($message);
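Then you can print $encoded_message into your HTML output: the browser shows it as text instead of interpreting it as markup, which protects against XSS when the value lands in element content or a quoted attribute value. Values placed inside a script block or a URL need encoding for that context instead.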
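A fuller version of the same idea, as an added example that is not code from the original post: it reads the field from a query string, decodes it to characters, and encodes it once at output. The `query_param` helper and the sample query string are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode);
use HTML::Entities qw(encode_entities);

# Constructed sample query string (not from the original post): the "message"
# field carries markup and a double quote that must not reach the page raw.
my $query_string = 'message=%3Cscript%3Ealert(1)%3C%2Fscript%3E%22+caf%C3%A9';

# Hypothetical helper: pull one field out of a query string and turn the
# percent-encoded UTF-8 bytes into a Perl character string.
sub query_param {
    my ($qs, $name) = @_;
    for my $pair (split /[&;]/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && $k eq $name;
        $v = '' unless defined $v;
        $v =~ tr/+/ /;                               # '+' means space
        $v =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # %XX -> raw byte
        return decode('UTF-8', $v);   # malformed bytes become U+FFFD
    }
    return;
}

my $message = query_param($query_string, 'message');
$message = '' unless defined $message;

# Encode once, at the point of output. The second argument limits encoding to
# the five characters that are significant in HTML text and quoted attributes,
# so non-ASCII text such as "café" is left as-is for the UTF-8 output layer.
my $encoded_message = encode_entities($message, q{<>&"'});

binmode STDOUT, ':encoding(UTF-8)';
print "Content-Type: text/html; charset=UTF-8\n\n";
print qq{<p>You wrote: $encoded_message</p>\n};
# Attribute values must be quoted for this encoding to be sufficient.
print qq{<input type="text" name="message" value="$encoded_message">\n};
```

Store and pass around the raw `$message`; encoding a value that is already encoded turns `&lt;` into `&amp;lt;` on the page.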
I literally just looked at Perl for the first time today, so any tips are welcome!