http://www.perlmonks.org?node_id=369422


in reply to Is dynamic loading of pm's a bad thing?

Don't "strip dodgy characters" - you can never be sure that you got them all.

Your best bet would be to read the directory where the plugins are stored, and make a list of available plugins. Then compare the elements of that list with the parameter you got. That way, the user input only gets processed by the string comparison operator, which is much harder to fool than the directory listing functions.
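The allowlist approach described in the reply above, as an added Perl example that is not part of the original post. The helper names `available_plugins` and `load_plugin`, the plugin names, and the temporary plugin directory are assumptions constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Build the allowlist from what is actually on disk: plugin name => full path.
sub available_plugins {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "Cannot open plugin dir $dir: $!";
    my %plugins;
    for my $entry (readdir $dh) {
        # Only plain files named like Foo.pm count as plugins.
        next unless $entry =~ /\A([A-Za-z_][A-Za-z0-9_]*)\.pm\z/;
        my $path = File::Spec->catfile($dir, $entry);
        $plugins{$1} = $path if -f $path;
    }
    closedir $dh;
    return \%plugins;
}

# The request is only ever compared (hash lookup is exact string equality);
# the path handed to require comes from the directory listing, never the user.
sub load_plugin {
    my ($dir, $requested) = @_;
    my $plugins = available_plugins($dir);
    return unless defined $requested && exists $plugins->{$requested};
    require $plugins->{$requested};
    return $requested;
}

# Constructed demo: a temporary plugin directory with two tiny plugins.
my $dir = tempdir(CLEANUP => 1);
for my $name (qw(Hello Report)) {
    open(my $fh, '>', File::Spec->catfile($dir, "$name.pm")) or die $!;
    print {$fh} "package $name;\nsub run { return '$name ran' }\n1;\n";
    close $fh;
}

# Constructed parameters: two valid names, then values that match no listing entry.
for my $param ('Hello', 'Report', '../Hello', 'Hello.pm', "Hello\0", 'Missing') {
    (my $shown = $param) =~ s/\0/\\0/g;
    if (my $pkg = load_plugin($dir, $param)) {
        print "$shown: loaded, ", $pkg->run, "\n";
    } else {
        print "$shown: rejected (not in plugin list)\n";
    }
}
```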