NAME
CatalystX::RequestRole::StrictParams - Insist users specify HTTP method for form parameters
VERSION
version 0.02
DESCRIPTION
Insist users specify HTTP method for form parameters
SYNOPSIS
package MyApp;
use base 'Catalyst';
use Catalyst;
use CatalystX::RoleApplicator;
__PACKAGE__->apply_request_class_roles('CatalystX::RequestRole::StrictParams');
EXPLANATION
Perl wrappers around the CGI protocol frequently make it too easy to write exploitable code by conflating GET
and POST
parameters. Implementers instead should be considering whether a given request is retrieving (GET) or modifying (POST) data.
This role removes access to params
, parameters
and param
from Catalyst request objects, forcing users to use body_parameters
and query_parameters
instead.
WARNING
Cross-site Scripting vulnerabilities are easy to introduce, and often subtle. While using this module reduces the threat surface a little, it in no way provides general protection from all (or maybe even most) attacks.
SPONSORED BY
Initial development sponsored by NET-A-PORTER http://www.net-a-porter.com/, through their generous open-source support.
AUTHOR
Peter Sergeant - pete@clueball.com