...
Because taint mode does not distinguish between output contexts, it cannot tell that text sanitized for use in a URL is not thereby safe for an HTML text field, and vice versa. Therefore, we do not recommend using taint mode for scripts that interact with the web.
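The context blindness described above, as an added example that is not from the CERT page: a value untainted with a pattern that is adequate for a URL query parameter is accepted by taint mode everywhere, including inside an HTML attribute. It assumes the CPAN modules HTML::Entities and URI::Escape are installed and that the script is started with `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example (not CERT's code): taint mode tracks origin, not output context.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use HTML::Entities qw(encode_entities);   # assumption: CPAN module installed
use URI::Escape qw(uri_escape);           # assumption: CPAN module installed

# Constructed input. Under -T, @ARGV is tainted; the fallback literal is made
# tainted by concatenating an empty slice of the (always tainted) %ENV value.
my $input = @ARGV ? $ARGV[0] : "O'Reilly & Co" . substr($ENV{PATH} // '', 0, 0);

# Untaint with a pattern that is reasonable for a URL query value: word
# characters, space, and the URL-reserved characters ' & = / . -.
# A regex capture is untainted by definition, so taint mode is now satisfied.
my ($checked) = $input =~ m{^([\w '&=/.-]*)\z}
    or die "input rejected by URL pattern\n";

printf "tainted before regex: %d, after regex: %d\n",
    tainted($input) ? 1 : 0, tainted($checked) ? 1 : 0;   # prints 1 and 0

# Taint mode raises no objection here, yet ' terminates a single-quoted
# attribute and & begins an entity: the check above was for a different context.
my $unchecked_attr = qq{<input value='$checked'>};
print "accepted by taint mode, wrong for HTML: $unchecked_attr\n";

# The step taint mode cannot supply: escape for the context actually written.
my $html_attr = encode_entities($checked, q{<>&"'});   # O&#39;Reilly &amp; Co
my $url_param = uri_escape($checked);                   # O%27Reilly%20%26%20Co
print "HTML attribute value: $html_attr\n";
print "URL query parameter: $url_param\n";
```

Run it as `perl -T example.pl` (with or without an argument); starting it without `-T` fails with "Too late for -T" because of the shebang flag.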
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
IDS01-PL | medium | probable | medium | P12 | L2
...