in reply to Re^2: Taint mode limitations
in thread Taint mode limitations
However, I suspect that (c) would strongly encourage people to clean and untaint() their user inputs as soon as they acquire them...
Regardless of the existence or presence of taint mode, secure applications do this already.
I understand your argument (reusing capture groups for untainting was a mistake of the premature reuse of a feature), but I don't see the current situation as an onerous burden. Even without taint mode I would still write my code to perform input validation at the edges of the program, just as I handle encoding concerns at IO boundaries.
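Validation at the edge with capture-group untainting, as discussed in this post, shown as an added example that is not code from the thread. The `clean_username` helper, its pattern and the sample inputs are hypothetical and constructed; run it with `perl -T` so that taint checks are active.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical edge validator: returns an untainted username, or undef.
# The allow-list pattern carries the security weight; the capture group is
# only the mechanism by which Perl clears the taint flag.
sub clean_username {
    my ($raw) = @_;
    # \A and \z anchor the whole string. A trailing '$' would also match
    # just before a final newline, so "carol\n" would slip through.
    return $1 if defined $raw && $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/;
    return;
}

# Empty string that is tainted under -T ($^X comes from the environment).
# Appending it marks the constructed samples below as tainted, the way
# real values from @ARGV, %ENV or STDIN would be.
my $taint = substr($^X, 0, 0);

for my $input ('alice_01', 'bob smith', "carol\n", '../x') {
    my $raw  = $input . $taint;        # value as it arrives at the edge
    my $user = clean_username($raw);   # validate once, at the boundary

    (my $shown = $raw) =~ s/\n/\\n/g;  # make the newline visible in output
    printf "%-10s raw tainted=%d  %s\n",
        $shown,
        tainted($raw) ? 1 : 0,
        defined $user
            ? 'accepted, tainted=' . (tainted($user) ? 1 : 0)
            : 'rejected';
}
```

Without `-T` every value reports `tainted=0`, but the validator accepts and rejects the same inputs, which matches the post's point that edge validation does not depend on taint mode.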