-rw-r--r-- | pod/perlsec.pod | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 53192cb3ca..8616c642d3 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -54,6 +54,23 @@ mechanism. Arguments to C<print> and C<syswrite> are B<not> checked for taintedness. +=item * + +Symbolic methods + + $obj->$method(@args); + +and symbolic sub references + + &{$foo}(@args); + $foo->(@args); + +are not checked for taintedness. This requires extra carefulness +unless you want external data to affect your control flow. Unless +you carefully limit what these symbolic values are, people are able +to call functions B<outside> your Perl code, such as POSIX::system, +in which case they are able to run arbitrary external code. + =back The value of an expression containing tainted data will itself be |
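Review bot: The closing paragraph of the new item ("are not checked for taintedness ... arbitrary external code") states the risk but gives the reader no remedy. Since the text already says these symbolic values must be carefully limited, add a sentence recommending that $method and $foo be checked against a fixed list of permitted names before the call. Two wording points in the same paragraph: "extra carefulness" reads better as "extra care", and "functions B<outside> your Perl code" is ambiguous beside the example POSIX::system, which is written as a package-qualified Perl name; "outside your own code" would say what is meant. It would also help to state that $foo->(@args) is the same syntax used to call a real code reference, so the item concerns the case where $foo holds a name derived from external data.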