For those who are unaware, the untainting method described in the third option refers specifically to tainting behaviour for hash keys - That is, hash keys are not tainted, ever. From perlsec - Because taintedness is associated with each scalar value, some elements of an array or hash can be tainted and others not. The keys of a hash are never tainted.
As per Wikipedia, taint means: in computer science, in particular in the Perl programming language, "tainted" data are considered untrusted and are treated with caution.
Some Guru may want to add some more information to it, since it is described in a short manner.
Is a 'horn' synonymous with a reference I wonder :). There's potential for a new Acme:: module here.
Oh Lord, won’t you burn me a Knoppix CD ?
My friends all rate Windows, I must disagree.
Your powers of persuasion will set them all free,
So oh Lord, won’t you burn me a Knoppix CD ? (Misquoting Janis Joplin)
There's no general way to untaint my vars, as they aren't supposed to contain general values. To make sense, each plausibility check needs to be done individually as to what needs to be checked for, thereby untainting the variable. Simplifying that much doesn't make sense in real life.
Don't blame me for not getting the joke this time =)
I got it, will use the unicorn's horn...
It appears that if you take a string apart to bits and reassemble, the result is untainted as the individual bits can't be tainted. In contrast, bytes are eight times larger than characters so they're large enough for taint to stick on them, thus the following doesn't untaint the string but returns it unchanged.
I thought the whole point of running in taint mode in the first place was to remind yourself to sanity-check all the user input and ensure it doesn't have any bizarroid stuff in it that you didn't expect, and that the recommended best practice was to combine untainting with validating, as in
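An added example, not part of any post in this thread: it contrasts the hash-key behaviour quoted from perlsec above with untainting through a validating regex capture. The sample inputs, the filename pattern and the helper names (`untaint_filename`, `launder_via_hash_key`) are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed inputs. A zero-length slice of a tainted value is itself
# tainted, so appending it marks a literal as if it came from outside.
my $taint = substr("$0$^X", 0, 0);
my $good  = "report_2024.txt" . $taint;
my $bad   = "../../etc/passwd" . $taint;

# Validate and untaint together: only the capture group of a successful
# match against a strict allow-list pattern comes back clean.
# (Assumed policy: a plain filename of 1 to 64 characters, no slashes,
# no leading dot.)
sub untaint_filename {
    my ($value) = @_;
    return unless defined $value;
    return $1 if $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;    # rejected: the caller has to handle undef
}

# Hash keys are never tainted, so a round trip through a key drops the
# flag without checking anything. Shown here only to make that visible.
sub launder_via_hash_key {
    my ($value) = @_;
    my %h = ($value => 1);
    return (keys %h)[0];
}

for my $input ($good, $bad) {
    my $checked   = untaint_filename($input);
    my $laundered = launder_via_hash_key($input);

    printf "input      %-20s tainted=%d\n", $input, tainted($input) ? 1 : 0;
    printf "validated  %-20s tainted=%d\n",
        defined $checked ? $checked : '(rejected)',
        defined $checked && tainted($checked) ? 1 : 0;
    printf "hash key   %-20s tainted=%d\n\n",
        $laundered, tainted($laundered) ? 1 : 0;
}
```

The hash-key round trip clears the flag on the traversal string just as readily as on the valid filename, which is why taint status on its own says nothing about whether a value was checked.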