NAME

Mojolicious::Plugin::FormValidatorLazy - FormValidatorLazy

SYNOPSIS

    plugin form_validator_lazy => {
        namespace => 'form_validator_lazy',
        action => ['/receptor1'],
        blackhole => sub {
            my ($c, $error) = @_;
            app->log($error);
            $c->res->code(400);
            $c->render(text => 'An error occured');
        },
    };

DESCRIPTION

This software is considered to be alpha quality and isn't recommended for regular usage.

Mojolicious::Plugin::FormValidatorLazy is a Mojolicious plugin for validating post data with auto-generated validation rules out of original forms. It analizes the HTML forms before sending them to client, generate the schema, inject it into original forms within a hidden fields so the plugin can detect the schema when a post request comes.

The plugin detects following error for now.

Unknown form fields.

The form fields represented by name attribute are all white listed and post data injected unknown fields are blocked.

Unknown values of selectable fields.

Selectable values of checkboxes, radio buttons and select options are white listed and unknow values are blocked.

The plugin also detects characteristics of tag types. Such as unchecked checkboxes don't appear to data(not required), radio buttons can't be null only when default value is offered(not null), and so on.

Hidden field tamperings.

Hidden typed input can't be ommited(required) and the value takes only one option. the plugin blocks values against the schema.

Values against maxlength attributes.

Values violating of maxlength are blocked.

HTML5 validation attributes

HTML5 supports some validation attributes such as [required], [pattern=*], [type=number], [min=*], [max=*]. The plugin detects them and block violations.

CSRF

This also detects CSRF.

EXAMPLE

Run t/test_app.pl and try to attack the forms.

    ./t/test_app.pl daemon

CLASS METHODS

inject

Generates a schema strings of form structure for each forms in mojo response and inject them into itself.

    my $injected = inject($html, $charset,
                                ['/path1', '/path2'], $token_key, $session_id);

AUTHOR

Sugama Keita, <sugama@jamadam.com>

COPYRIGHT AND LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install Mojolicious::Plugin::FormValidatorLazy, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Mojolicious::Plugin::FormValidatorLazy

CPAN shell

perl -MCPAN -e shell
install Mojolicious::Plugin::FormValidatorLazy

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)