http://www.perlmonks.org?node_id=177238


in reply to Re^2: Untainting safely. (b0iler proofing?)
in thread Untainting safely. (b0iler proofing?)

URLs and email addresses are never "unsafe" when handled safely. So if you're looking for Email::Valid, it's done.

And why would you be passing a date, time, or name near a shell? I'm still confused. That's still thinking from the wrong end.

As for your DROP TABLE example, if you are using placeholders correctly, that value wouldn't matter.

So, I'm still not convinced that there needs to be a standard "untainting" library. When the data is handled properly, we don't need to "match" "safe" data. Period.

-- Randal L. Schwartz, Perl hacker
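The placeholder point in the reply above, shown as an added Perl example that is not part of the original post. It builds a throwaway in-memory SQLite database (it assumes DBD::SQLite is installed; the table, row and hostile input are all constructed for the demonstration) and runs the same lookup twice: once with the value interpolated into the SQL text, once with a DBI placeholder.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample: an in-memory SQLite database (assumes DBD::SQLite is installed).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (name TEXT, email TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice', 'alice@example.com')});

# Constructed hostile input, in the spirit of the DROP TABLE example in the thread.
my $input = q{x' OR 'a'='a};

# UNSAFE: interpolating the value into the SQL text makes it part of the statement.
# With this input the WHERE clause becomes always-true and returns every row.
sub lookup_interpolated {
    my ($dbh, $name) = @_;
    my $sql = "SELECT email FROM users WHERE name = '$name'";
    return $dbh->selectcol_arrayref($sql);
}

# SAFE: a placeholder sends the value separately from the statement text, so the
# same input is compared literally against the name column and matches nothing.
# No "untainting" regex is needed; the value is never interpreted as SQL.
sub lookup_placeholder {
    my ($dbh, $name) = @_;
    my $sql = 'SELECT email FROM users WHERE name = ?';
    return $dbh->selectcol_arrayref($sql, undef, $name);
}

my $leaked = lookup_interpolated($dbh, $input);
my $safe   = lookup_placeholder($dbh, $input);
printf "interpolated: %d row(s)\n", scalar @$leaked;   # 1 row: the injected clause matched everything
printf "placeholder:  %d row(s)\n", scalar @$safe;     # 0 rows: the value was treated as data
```

The interpolated version returns alice's row even though nobody is named `x' OR 'a'='a`; the placeholder version returns nothing, because the database compared the whole string against the column. That is the sense in which the value "wouldn't matter" when placeholders are used correctly.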