Untaints the specified scalar.
$scalar - the scalar to untaint
The passed-in scalar.
    # makes user input safe for use within a regex pattern
    # we use inline because all function return values are considered
    # tainted if an arg is tainted. inline allows us to abstract our
    # operation on the argument and untaint the value.

    inline quote_regex
    {
       untaint($1);
       $1 = "\\Q $+ $1 $+ \\E";
    }

    println("before: " . iff(-istainted @ARGV[0], "tainted!", "not tainted"));
    quote_regex(@ARGV[0]);
    println("after: " . iff(-istainted @ARGV[0], "tainted!", "not tainted"));
    println(@ARGV[0]);
    $ java -Dsleep.taint=true -jar sleep.jar untaint.sl ".*?"
    before: tainted!
    after: not tainted
    \Q.*?\E
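Because untaint() only clears the taint flag, the sanitizer that runs beside it has to hold for every input. The following is an added example, not part of the Sleep documentation: it checks the \Q...\E wrapping used by quote_regex against constructed inputs, assuming Sleep patterns are compiled by java.util.regex (an assumption), and compares it with Pattern.quote(). The class and method names are hypothetical.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added example. Assumption: the regex engine is java.util.regex.
public class QuoteRegexCheck {
    // The same wrapping the page's quote_regex performs on its argument.
    static String wrapOnly(String input) {
        return "\\Q" + input + "\\E";
    }

    // A quoted pattern is acceptable only if it matches the input itself
    // and does not match an unrelated probe string.
    static boolean isLiteral(String quoted, String input, String probe) {
        try {
            Pattern p = Pattern.compile(quoted);
            return p.matcher(input).matches() && !p.matcher(probe).matches();
        } catch (PatternSyntaxException e) {
            return false; // a pattern that fails to compile is not safe either
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last one carries its own \E,
        // which ends the quoted region early when the input is only wrapped.
        String[] samples = { ".*?", "a+b", "x\\E.*\\Qy" };
        String probe = "x--unrelated--y";
        for (String s : samples) {
            System.out.printf("%-12s wrapOnly literal=%-5b Pattern.quote literal=%b%n",
                s,
                isLiteral(wrapOnly(s), s, probe),
                isLiteral(Pattern.quote(s), s, probe));
        }
    }
}
```

An input that fails the wrapOnly check should stay tainted; Pattern.quote() splits the quoted region around an embedded \E so the whole input remains literal.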