[Petal] Output modifier idea

William McKee william@knowmad.com
Wed, 21 Aug 2002 19:33:24 -0400


Okay, here's another wild idea I'd like to get some feedback on. BTW, 
thanks for the input earlier today Jean-Michel. I haven't digested it yet, 
but will get to it soon.

I would like to convert web and email addresses to links on the fly. It 
seems like a modifier would be an ideal technique for performing this 
conversion of my data. It would need to handle multiple lines of info with 
addresses potentially buried anywhere in the data. 

Basically, I'm trying to come up with a good technique to handle cross-
site scripting attacks and yet allow some hyperlinking ability within my 
application. Following the suggestion of the mod_perl cookbook, I'm using 
Apache::Util's escape_html function to convert all html tags to safe 
chars. Yeah, it's extreme but it's the easiest solution for me for now.

I could see where this modifier could potentially do all of that kind of 
filtering for me. Perhaps it would be better to filter the data as it is 
being output rather than as it is being received.... Would there be any 
benefit in having two modifiers--one to strip "unsafe" html and one to 
format addresses into valid links? Any comments/suggestions would be 
*much* appreciated.

Thanks,
William

-- 
 Lead Developer
 Knowmad Services Inc. || Internet Applications & Database Integration
 http://www.knowmad.com
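
The escape-on-output and address-to-link conversion discussed in the message above, as an added example that is not part of the original post or of Petal's own code. The `linkify` helper is hypothetical, the local `escape_html` is a stand-in for Apache::Util's function so the script runs outside mod_perl, and the sample input is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for Apache::Util::escape_html so this runs outside mod_perl.
# It also escapes both quote characters, since output lands in attributes.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');
sub escape_html {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$ENT{$1}/g;
    return $s;
}

# Allowlist: only http(s) URLs and plain mailbox addresses become links.
my $URL   = qr{https?://[^\s<>"']+}i;
my $EMAIL = qr{[A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+};

# Hypothetical helper: escape everything, wrap recognised addresses in <a>.
sub linkify {
    my ($text) = @_;
    my $out = '';
    # With a capturing group, split returns plain, match, plain, match, ...
    my @parts = split /($URL|$EMAIL)/, $text;
    for my $i (0 .. $#parts) {
        my $tok = $parts[$i];
        if ($i % 2 == 0) {            # plain text: escape only
            $out .= escape_html($tok);
            next;
        }
        # Sentence punctuation after an address is not part of it.
        my $tail = '';
        $tail = $1 if $tok =~ s/([.,;:!?)]+)\z//;
        my $safe = escape_html($tok);
        my $href = $tok =~ m{^https?://}i ? $safe : "mailto:$safe";
        $out .= qq{<a href="$href">$safe</a>} . escape_html($tail);
    }
    return $out;
}

# Constructed sample input: markup, a URL with a query string, an address,
# and a javascript: pseudo-URL that must stay plain text.
my $input = <<'END';
<script>alert(1)</script> see http://www.example.com/a?x=1&y=2.
Mail bob@example.com or <b>click</b> javascript:alert(1)
END

print linkify($input);
```

Because the raw text is split first and every piece is escaped separately, the only markup in the output is the `<a>` wrapper the function itself emits, and the scheme allowlist keeps anything other than http, https and mailto out of `href`.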