...
This noncompliant code example demonstrates an XSS vulnerability. The code uses the CGI library module to display a web form and is adapted from an example in the CGI.pm documentation. The form asks the user for a name and, when the user clicks Submit, echoes that name back into the page without sanitizing it.
...
In this case the trust boundary lies between the untrusted data in the request and the CGI script that reads it. The trusted domain on the other side of the script is the web browser, or more precisely the HTML parsing and rendering engine inside it, which treats whatever the script emits as legitimate markup and will execute any script element the attacker managed to embed in the name.
More details about sanitizing the input in this code example can be found in IDS01-PL. Use taint mode while being aware of its limitations.
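As an added illustration of the noncompliant example described above and of the trust boundary it crosses, the following Perl script (written for this page; it is not the page's own code or CGI.pm's, and the file name xss.pl and the form wording are assumptions) builds the same name-echo form and reflects the submitted name twice, once unsanitized and once through CGI::escapeHTML, so a payload such as <script>alert(1)</script> can be seen reaching the browser as a script element in one case and as character data in the other.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);

# Added example, not the page's own code: the CGI.pm synopsis form that
# asks for a name and echoes it back, rendered twice so the unsanitized
# and the escaped reflection can be compared side by side.

# $name crosses the trust boundary here.  Under a web server it comes
# from the HTTP request; run from a shell, CGI.pm's debugging mode reads
# it from the command line, e.g.  perl xss.pl 'name=<script>alert(1)</script>'
my $name = param('name');

my @page = (
    header(),
    start_html('A Simple Example'),
    h1('A Simple Example'),
    start_form(),
    "What's your name? ", textfield('name'), p(),
    submit(), end_form(), hr(),
);

if (defined $name) {
    # Noncompliant: the raw request value is interpolated into the
    # markup.  name=<script>alert(document.cookie)</script> is handed to
    # the browser's HTML parser as a <script> element, not as text.
    push @page, p("Unsanitized: your name is ", em($name));

    # Compliant: CGI::escapeHTML encodes & < > " and ' so the parser can
    # only ever treat the value as character data.
    push @page, p("Escaped: your name is ", em(CGI::escapeHTML($name)));
}

print @page, end_html();
```

Running the script from a shell with a parameter on the command line prints the generated page to standard output, so the two reflections can be compared without a web server: the first contains the literal <script> tag, the second contains &lt;script&gt;. CGI.pm has not shipped with core Perl since 5.22, so it must be installed from CPAN first.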
Noncompliant Code Example (Taint Mode)
...