SUMMARY
By default, regexes shouldn't untaint. Also, provide a toolkit for Safer
Untainting.
DETAILS
We're all aware of how you go about untainting data: run it through a regex and
grab the stuff that was in the parens:
    $var =~ m/^(\w+)$/
        or die 'unsafe data';
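
The default untainting behaviour described above, shown next to Perl's existing `use re 'taint'` pragma, under which captures keep their taint unless a block opts back in with `no re 'taint'`. This is an added example, not part of the original post; the sample value and the `status` helper are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run with taint mode on: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample input. $^X is tainted under -T, and appending a
# zero-length slice of it taints the string without changing its value.
my $taint = substr($^X, 0, 0);
my $var   = 'report_2024' . $taint;

# Hypothetical helper: print whether a value currently carries taint.
sub status {
    my ($label, $value) = @_;
    printf "%-28s %s\n", $label, tainted($value) ? 'TAINTED' : 'untainted';
}

status('raw input', $var);

# Default behaviour: any capture group untaints, however loose the pattern.
if ($var =~ m/^(\w+)$/) { status('default, strict pattern', $1) }
if ($var =~ m/^(.*)$/s) { status('default, match-anything', $1) }

{
    # Within this scope a match against tainted data yields tainted captures,
    # so a regex used only for parsing cannot launder the value by accident.
    use re 'taint';
    if ($var =~ m/^(\w+)$/) { status(q{use re 'taint'}, $1) }

    {
        # Untainting becomes a deliberate, narrowly scoped decision.
        no re 'taint';
        $var =~ m/^(\w+)$/
            or die 'unsafe data';
        status('explicit opt-in block', $1);
    }
}
```

The match-anything case is the one to look for in review: it clears the taint flag without validating anything.
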
--- [EMAIL PROTECTED] wrote:
| SUMMARY
| By default, regexes shouldn't untaint. Also, provide a
| toolkit for Safer Untainting.
| ...
| Ergo, I propose that regexes only untaint stuff in parens
| if you specifically tell them to do so. A capital-T
| switch would work nicely
__CODE__
#!/usr/bi