|Subject:||LoadFile returns tainted data|
In chasing a CPAN::PERL5INC bug, it became apparent that YAML::Syck was tainting data returned from LoadFile and YAML/YAML::Tiny weren't. Not sure what the right answer is, but the inconsistency should be addressed. Excerpt from my email about it to Schwern, Andreas and interested parties follows: Show quoted text
> Sorry -- I wasn't clear. CPAN::PERL5INC just gets a list of > directories from a YAML data file and unshifts them to @INC. It can > use any of the YAML modules that provide LoadFile(). > > The issue appears to be that YAML::Syck returns a tainted data > structure. It doesn't happen with YAML or YAML::Tiny. I would > presume that YAML and YAML::Tiny use regexes to parse the YAML file > and that leads to an untainted structure.