Supported Perl cleansing functions

Veracode recognizes these cleansing functions for CWE-80 in Perl CGI applications:

| Function | Flaw class |
| --- | --- |
| escapeHTML() from the CGI module for HTML markup escaping | CWE-80 |
| escape() from the CGI module for URL escaping | CWE-80 |
| encode_entities($scalar) from the HTML::Entities module for HTML markup escaping | CWE-80 |

If Autoescape mode is enabled, which is the default since CGI.pm version 1.57, then these CGI functions automatically escape the output HTML:

| Function | Flaw class |
| --- | --- |
| textfield() | CWE-80 |
| textarea() | CWE-80 |
| password_field() | CWE-80 |
| filefield() | CWE-80 |
| popup_menu() | CWE-80 |
| optgroup() | CWE-80 |
| scrolling_list() | CWE-80 |
| checkbox_group() | CWE-80 |
| checkbox() | CWE-80 |
| radio_group() | CWE-80 |
| submit() | CWE-80 |
| defaults() | CWE-80 |
| hidden() | CWE-80 |
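
The following sketch is an added example, not Veracode's code. It shows each cleansing function listed above applied in the output context it is meant for. The parameter names `name` and `next`, the `/login` path and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();
use HTML::Entities qw(encode_entities);

# Constructed request parameters standing in for untrusted user input.
my $q = CGI->new({
    name => q{<b>Ann</b> & "Bob"},
    next => q{/home?a=1&b="x"},
});

sub render {
    my ($q) = @_;
    my $name = $q->param('name') // '';
    my $next = $q->param('next') // '';

    # HTML body context: escapeHTML() from the CGI module.
    my $greeting = '<p>Hello, ' . $q->escapeHTML($name) . '</p>';

    # Same context, using encode_entities() from HTML::Entities instead.
    my $echo = '<p>You entered: ' . encode_entities($name) . '</p>';

    # URL component context: escape() percent-encodes the value. The finished
    # URL is then HTML-escaped because it is written into an attribute.
    my $url  = '/login?next=' . CGI::escape($next);
    my $link = '<a href="' . $q->escapeHTML($url) . '">Continue</a>';

    # Form helper: with autoescape enabled, textfield() escapes the value
    # itself, so no explicit escapeHTML() call is needed here.
    $q->autoEscape(1);
    my $field = $q->textfield(-name => 'name', -value => $name);

    return join "\n", $greeting, $echo, $link, $field;
}

print $q->header(-type => 'text/html', -charset => 'UTF-8'), render($q), "\n";
```

Printing `$name` or `$next` directly into the page, without one of these calls, is the unescaped output pattern that CWE-80 describes.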