Validating user input in Perl
Applications rarely test for Unicode exploits and hence provide the attacker a route of attack.
The issue to remember here is that the application is safe if Unicode representation or other malformed representation is input.
Before we try to answer that question, let me point out that there are already ready-made, high-quality solutions for these problems.
Example: The ASCII: the HTML::Entities module would produce the following output: This would remove the threat posed by the original input.
I am not really sure if there are length limitations on either the username or the domain name.
Because we will want to make sure the given string matches exactly our regex, we start with an anchor matching the beginning of the string. We can use all lower-case characters as the e-mail addresses are case sensitive.
That does not look like a proper e-mail address, but our test script prints "regex valid but not Email::Valid".
So Email::Valid rejected this, but our regex thought it was a correct e-mail.
The messageboard now has some protection against any script code that could have been entered by a malicious user.