Ron Savage


Javascript::MD5 - Calculate the MD5 digest of a CGI form field


This is a complete, runnable, tested program.


        use strict;
        use warnings;

        use CGI;
        use Javascript::MD5;

        # ------------------

        my($q)  = CGI -> new();
        my($p)  = $q -> param('my_password') || '';
        my($js) = Javascript::MD5 -> new();

        print $q -> header(),
      $q -> start_html({script => $js -> javascript('my_password'), title => 'Javascript::MD5'}),
      $q -> h1({align => 'center'}, 'Javascript::MD5'),
      "Previous value: $p",
      $q -> br(),
      $q -> start_form({action => $q -> url(), name => 'md5'}),
      'Username: ',
      $q -> textfield({name => 'my_username', size => 50}),
      $q -> br(),
      'Password: ',
      $q -> password_field({name => 'my_password', size => 50}),
      $q -> br(),
      'Generate str2hex_md5: ',
      $q -> submit({onClick => 'return str2hex_md5()'}),
      $q -> end_form(),
      $q -> end_html();


Javascript::MD5 is a pure Perl module.

This module allows you to convert user input, eg a password, into the MD5 digest of that input.

This means the password itself need never be transmitted across the network - only the MD5 digest need be transmitted.


This module is available both as a Unix-style distro (*.tgz) and an ActiveState-style distro (*.ppd). The latter is shipped in a *.zip file.

See for details.

See for help on unpacking and installing each type of distro.

Constructor and initialization

new(...) returns a Javascript::MD5 object.

This is the class's contructor.

Usage: Javascript::MD5 -> new().

new() does not take any parameters.

Method: javascript([$name_of_CGI_password_field][, $number_of_CGI_form])

Returns a block of Javascript which you must output as part of your HTML page.

Takes 2 optional parameters:

The name of the CGI field used to input the password

This field name defaults to 'password'.

The number of the CGI form within the HTML page

This field value defaults to 0, which is the first form on the page.

See the Synopsis for one way to do this.

Note: if you pass just 1 parameter, it is assumed to be the name of a field.

Submitting a CGI Form

To disable this module, simply use a submit button of the form:

        $q -> submit();

To enable the module, use a submit button with an onClick event handler that calls a Javascript function which converts your CGI password field's value into the MD5 digest of that value. Use one of:

$q -> submit({onClick => 'return str2hex_md5()'});

Returns a string of length 32.

$q -> submit({onClick => 'return str2b64_md5()'});

Returns a string of length 22.

$q -> submit({onClick => 'return str2str_md5()'});

Return a string of length 16 (approx :-).

Example code

See the examples/ directory in the distro.

There is 1 demo file, md5.cgi.

This is a CGI script identical to the one in the synopsis.

Edit it to suit your circumstances.

Related Modules



Javascript::MD5 was written by Ron Savage <> in 2004.

Home page:


Australian copyright (c) 2004, Ron Savage. All Programs of mine are 'OSI Certified Open Source Software'; you can redistribute them and/or modify them under the terms of The Artistic License, a copy of which is available at: